[keycloak-dev] Clarification on Access Token and Refresh Token

[Bappaditya Gorai (bgorai)]

Hi  Keycloak Dev Team,
First of all congrats to you guys with your 1.0 Final release.

We have an application configured in Keycloack as public client, which is accessed using a java client (httpclient). However we don't see access_token coming out of Resource server. So for the next call to Resource server, my client need to repeat authorization steps all over again (If we don't maintain session in client side , which is our requirement) . I understand for web client (web browser)  session id is used by keycloak adapter to establish the authenticity  of the client for consecutive resource access calls.


1.       Is there any way to get the access_token  in resource server response (may be as a cookie ) as resource server adapter is doing "code to token" ? So that successive call to resource server we can send the access_token .


2.       Actually in my setup Resource Server/Application is behind load balancer. So session id may not be valid for different node. Is there any way to configure application/resource server so that

a)      Client can get back the access token.

b)      Refresh can also happen automatically.


3.       As per my understanding, currently  keycloak stores access token /refresh token etc  in server http session.   If there is way to  persist access token /refresh token etc in data store so that

a.       Inactivity/session will not clear these data. (Can provide longevity)

b.      Resource Servers can use load balancer setup.


Thanks
Bappaditya Gorai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140919/49589799/attachment.html