[
https://issues.jboss.org/browse/ARTIF-748?page=com.atlassian.jira.plugin....
]
Eric Wittmann updated ARTIF-748:
--------------------------------
Description:
If the token expires, the server spits out:
{code}
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR,
realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null,
ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default
task-37) Refresh token failure status: 400 {"error_description":"Refresh
token expired","error":"invalid_grant"}
{code}
The next time the browser makes a call to the UI services, Errai reports an uncaught GWT
exception. That call *must* be protected by Keycloak, in order for our Filter to pick up
the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows
that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller
barfs on the HTML.
APIMan (Angular UI) checks for a 401 response code and automatically refreshes the browser
to combat this. However, I'm not sure if that's possible in this case. Our use
of Errai's "Caller" pattern isn't kicking in for these errors
(completely sidesteps the ErrorHandler), I'm guessing due to it being a lower level
issue with the GWT marshaller.
Idea: Have a pure Javascript loop "ping" the UI services and check the
response.
was:
If the token expires, the server spits out:
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR,
realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null,
ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default
task-37) Refresh token failure status: 400 {"error_description":"Refresh
token expired","error":"invalid_grant"}
The next time the browser makes a call to the UI services, Errai reports an uncaught GWT
exception. That call *must* be protected by Keycloak, in order for our Filter to pick up
the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows
that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller
barfs on the HTML.
APIMan (Angular UI) checks for a 401 response code and automatically refreshes the browser
to combat this. However, I'm not sure if that's possible in this case. Our use
of Errai's "Caller" pattern isn't kicking in for these errors
(completely sidesteps the ErrorHandler), I'm guessing due to it being a lower level
issue with the GWT marshaller.
Idea: Have a pure Javascript loop "ping" the UI services and check the
response.
Web UI: Refresh to /login when Keycloak token expires
-----------------------------------------------------
Key: ARTIF-748
URL:
https://issues.jboss.org/browse/ARTIF-748
Project: Artificer
Issue Type: Task
Reporter: Brett Meyer
Assignee: Brett Meyer
If the token expires, the server spits out:
{code}
14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR,
realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null,
ipAddress=127.0.0.1, error=invalid_token
14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default
task-37) Refresh token failure status: 400 {"error_description":"Refresh
token expired","error":"invalid_grant"}
{code}
The next time the browser makes a call to the UI services, Errai reports an uncaught GWT
exception. That call *must* be protected by Keycloak, in order for our Filter to pick up
the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows
that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller
barfs on the HTML.
APIMan (Angular UI) checks for a 401 response code and automatically refreshes the
browser to combat this. However, I'm not sure if that's possible in this case.
Our use of Errai's "Caller" pattern isn't kicking in for these errors
(completely sidesteps the ErrorHandler), I'm guessing due to it being a lower level
issue with the GWT marshaller.
Idea: Have a pure Javascript loop "ping" the UI services and check the
response.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)