[keycloak-dev] Smaller RefreshTokens?

Thomas Darimont thomas.darimont at googlemail.com
Sat Apr 6 07:09:42 EDT 2019


Hello,

the refresh tokens which are currently issued by Keycloak contain standard
JWT claims and references to the Keycloak session. Additionally they also
contain realm roles and client role information together with the used
scope.

I'm wondering whether roles and scope information is required for refresh
tokens or could even be removed?

Cheers,
Thomas
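
An added example, not part of the original message and not Keycloak code: it measures how many bytes each claim contributes to a refresh-token payload and how much shorter the token becomes when the role and scope claims are left out. The sample payload, its claim layout (`realm_access`, `resource_access`, `scope`, `session_state`), the dummy signature and all helper names are constructed assumptions for illustration.

```python
import base64
import json

ROLE_CLAIMS = ("realm_access", "resource_access", "scope")

# Constructed sample payload; values are placeholders, not from a real realm.
SAMPLE_CLAIMS = {
    "jti": "00000000-0000-0000-0000-000000000001",
    "exp": 1554550182, "iat": 1554548382,
    "iss": "https://sso.example.test/auth/realms/demo",
    "aud": "https://sso.example.test/auth/realms/demo",
    "sub": "00000000-0000-0000-0000-000000000002",
    "typ": "Refresh",
    "session_state": "00000000-0000-0000-0000-000000000003",
    "realm_access": {"roles": ["offline_access", "uma_authorization", "user"]},
    "resource_access": {"account": {"roles": ["manage-account", "view-profile"]}},
    "scope": "openid profile email",
}

def _compact(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Serialize claims as a compact JWS with a dummy 32-byte signature (size only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    return ".".join([_b64url(_compact(header)), _b64url(_compact(claims)), _b64url(bytes(32))])

def payload_of(token: str) -> dict:
    segment = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def claim_sizes(token: str) -> dict:
    """Bytes each claim contributes to the compact JSON payload (before base64url)."""
    return {k: len(_compact({k: v})) - 2 for k, v in payload_of(token).items()}

def without_claims(token: str, names=ROLE_CLAIMS) -> str:
    kept = {k: v for k, v in payload_of(token).items() if k not in names}
    return make_token(kept)

if __name__ == "__main__":
    full = make_token(SAMPLE_CLAIMS)
    slim = without_claims(full)
    for name, size in sorted(claim_sizes(full).items(), key=lambda kv: -kv[1]):
        print(f"{name:16} {size:4} bytes")
    print(f"full={len(full)} chars, slim={len(slim)} chars")
```

The dummy signature only keeps the three-segment length realistic; the output says nothing about token validity.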

