[keycloak-user] No refresh-token when requesting access token
Nils Preusker
n.preusker at gmail.com
Fri May 16 17:35:10 EDT 2014
Cheers, any idea when you'll do the next release?
Nils
--
Blog: www.nilspreusker.de
> On May 16, 2014, at 17:10, Stian Thorgersen <stian at redhat.com> wrote:
>
> Sorry for the rather slow response, but this has been added to master now
>
> ----- Original Message -----
>> From: "Nils Preusker" <n.preusker at gmail.com>
>> To: keycloak-user at lists.jboss.org
>> Sent: Friday, 2 May, 2014 2:35:00 PM
>> Subject: [keycloak-user] No refresh-token when requesting access token
>>
>> Hi,
>>
>> I noticed that when I request an access token (curl -v -H "Content-type:
>> application/x-www-form-urlencoded"
>> http://localhost:8080/auth/rest/realms/keycloak-admin/tokens/grants/access
>> --data "client_id=...&client_secret=...&username=...&password=..." -H
>> "Accept: application/json"), the response doesn't contain a refresh token.
>>
>> Is this intentional? And might it change in future versions?
>>
>> According to http://tools.ietf.org/html/rfc6749#section-4.3 (which is the
>> spec the above method implements, right?), the refresh token in the access
>> token response is optional.
>>
>> If I'm not mistaken, adding .generateRefreshToken() here:
>> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/TokenService.java#L201
>> should do the trick, right?
>>
>> Cheers,
>> Nils
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list