[keycloak-dev] remember me/refresh token support in
bburke at redhat.com
Mon Feb 24 20:37:59 EST 2014
* Remember me support is now in. Only works for non-social logins at
the moment though.
* admin console can now configure remember me, central login timeout,
refresh token timeout, access token timeout, and access code timeout
* Refresh token is always sent back with a grant request in the
* Adapters will now check the access token's expiration on each request.
If it is stale, it will attempt to refresh it. BTW, this will fail if
the access token's roles allowed don't match the users or
application/oauth client scope anymore and the user will be redirected
back to the authentication server.
onValidAccessToken(successCallback) method that will check the token,
refresh it if needed, then invoke a callback. The customer-app-js
example was updated to reflect using this callback method.
what are the best practices for all the token timeout settings.
JBoss, a division of Red Hat
More information about the keycloak-dev