[keycloak-user] Clarification of use case: simultaneous requests with expired token
Kuznetsov, Mike
mikhail.kuznetsov at hp.com
Thu Dec 11 17:20:32 EST 2014
Hello,
We are in the process of securing our REST APIs using Keycloak. Please confirm our understanding of the following:
We have a use case where our web client may SIMULTANEOUSLY send several REST API calls (r1, r2,r3...) to our server using the Access Token (at1) and Refresh Token (rt1).
When r1 is being handled, assuming that at1 is expired, server-side adapter will be taking care of getting new tokens (at2, rt2). Is it safe to assume that r2 and r3 will get hold of at2 and rt2? If so, is it valid to conclude that the adapter is maintaining state for the token.
Thank You,
Mikhail Kuznetsov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141211/8d1ac9d0/attachment.html
More information about the keycloak-user
mailing list