[keycloak-dev] Offline tokens
Bill Burke
bburke at redhat.com
Fri Aug 21 08:58:17 EDT 2015
On 8/21/2015 8:50 AM, Bill Burke wrote:
>
>
> On 8/21/2015 8:09 AM, Marek Posolda wrote:
>> - Actually, for the frontend adapters (both server and keycloak.js) I
>> am thinking about adding the persistent cookie, which will be put on the
>> application after successful login and is valid for the same time like
>> the offline token (so couple of months). When browser is opened next
>> time, the adapter will find the cookie and send the validation request
>> to KC to check if offline token is still valid. This will allow the
>> browser application to be logged with the same offline token for couple
>> of months.
>>
>
> I don't understand why you need an offline token for browser
> applications. We already support persistent cookies.
>
IMO, but Stian disagreed IIRC, is that what would be needed would be a
persistent UserSessionModel/ClientSessionModel store. If an offline
token is requested, then the current UserSessionModel is cloned and
stored persistently and the client's access token/refresh token
references this cloned persistent UserSession/ClientSession. Then you
don't have to have any special UI in the admin console to manage offline
sessions. These sessions would just have a flag showing if they are
offline or not.
I just don't like the idea at all of creating a completely parallel and
redundant model that is a near duplicate of UserSession/ClientSession.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
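
The single-model design proposed in the message above, sketched as an added example that is not part of the original message and is not Keycloak code. The class, method and field names (`SessionStore`, `request_offline_token`, `offline`) are hypothetical, the persistent store is a dict standing in for a database, and token signing is omitted.

```python
import time
import uuid
from dataclasses import dataclass, replace


@dataclass
class UserSession:
    id: str
    user: str
    client: str
    started: float
    offline: bool = False  # the only difference between the two kinds


class SessionStore:
    """Hypothetical model: one session type, two backing stores."""

    def __init__(self):
        self.volatile = {}    # normal SSO sessions, lost on restart
        self.persistent = {}  # stands in for a database table

    def login(self, user, client):
        s = UserSession(uuid.uuid4().hex, user, client, time.time())
        self.volatile[s.id] = s
        return s

    def request_offline_token(self, session_id):
        # Clone the live session, flag it, and store the clone persistently.
        live = self.volatile[session_id]
        clone = replace(live, id=uuid.uuid4().hex, offline=True)
        self.persistent[clone.id] = clone
        return {"session": clone.id}  # the token references the clone

    def restart(self):
        self.volatile.clear()  # simulates a server restart

    def validate(self, token):
        sid = token["session"]
        return sid in self.volatile or sid in self.persistent

    def list_sessions(self, user):
        # One admin listing covers both kinds; offline is just a flag.
        every = list(self.volatile.values()) + list(self.persistent.values())
        return [s for s in every if s.user == user]

    def revoke(self, session_id):
        # One revocation path, so an offline session cannot be missed.
        hit = self.volatile.pop(session_id, None)
        hit = hit or self.persistent.pop(session_id, None)
        return hit is not None
```
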