[keycloak-user] No refresh-token when requesting access token
Stian Thorgersen
stian at redhat.com
Fri May 16 12:10:40 EDT 2014
Sorry for the rather slow response, but this has been added to master now
----- Original Message -----
> From: "Nils Preusker" <n.preusker at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Friday, 2 May, 2014 2:35:00 PM
> Subject: [keycloak-user] No refresh-token when requesting access token
>
> Hi,
>
> I noticed that when I request an access token (curl -v -H "Content-type:
> application/x-www-form-urlencoded"
> http://localhost:8080/auth/rest/realms/keycloak-admin/tokens/grants/access
> --data "client_id=...&client_secret=...&username=...&password=..." -H
> "Accept: application/json"), the response doesn't contain a refresh token.
>
> Is this intentional? And might it change in future versions?
>
> According to http://tools.ietf.org/html/rfc6749#section-4.3 (which is the
> spec the above method implements, right?), the refresh token in the access
> token response is optional.
>
> If I'm not mistaken, adding .generateRefreshToken() here:
> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/TokenService.java#L201
> should do the trick, right?
>
> Cheers,
> Nils
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list