[keycloak-dev] remember me/refresh token support in
Bill Burke
bburke at redhat.com
Mon Feb 24 20:37:59 EST 2014
* Remember me support is now in. Only works for non-social logins at
the moment though.
* admin console can now configure remember me, central login timeout,
refresh token timeout, access token timeout, and access code timeout
* Refresh token is always sent back with a grant request in the
AccessTokenResponse.
* Adapters will now check the access token's expiration on each request.
If it is stale, it will attempt to refresh it. BTW, this will fail if
the access token's roles allowed don't match the users or
application/oauth client scope anymore and the user will be redirected
back to the authentication server.
* Javascript adapter was also updated. I implemented a
onValidAccessToken(successCallback) method that will check the token,
refresh it if needed, then invoke a callback. The customer-app-js
example was updated to reflect using this callback method.
* I wrote a Javascript adapter docbook chapter and a small chapter on
what are the best practices for all the token timeout settings.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list