[keycloak-user] Token refresh from Android native app

Stian Thorgersen stian at redhat.com
Mon Nov 3 03:36:35 EST 2014


Simple example of refreshing token (from our testsuite):

https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java#L197



----- Original Message -----
> From: "Frank French" <Frank.French at causeway.com>
> To: keycloak-user at lists.jboss.org
> Sent: Sunday, 2 November, 2014 11:10:32 PM
> Subject: [keycloak-user] Token refresh from Android native app
> 
> 
> I’m currently using the browser to initially log in to my app. After the user
> credentials have been validated I intercept the url containing the code and
> use that on the resource /realms/myrealm/tokens/access/codes. To convert the
> code into a token. I am then able to use the embedded access token for
> subsequent API calls. This works fine until the access token expires.
> 
> When the access token expires the service returns a 401. At present the only
> way I can get past this is to redirect the user back to the login page and
> start the above process again (creates another session). I would only expect
> to have to do this if the SSO idle timeout and been reached (it hasn’t).
> I’ve looked through the API docs and found the resource
> /realms/myrealm/token/refresh. I’ve tried using this resource but have
> failed miserably. Could someone please explain how to use this resource or
> point me somewhere else if I’ve got it completely wrong.
> 
> Example code below.
> 
> 
> 
> private JWSToken refreshToken(String accessToken , String refreshToken )
> throws IOException, InvalidTokenException{
> 
> JWSToken token = null ;
> 
> 
> 
> String url = " http://127.0.0.1:8080/auth/realms/myrealm/tokens/refresh " ;
> 
> //String query = “refresh_token=“ + refreshToken ;
> 
> //String query = “refresh_token=“ + refreshToken + “client_id=" + CLIENT_ID "
> ;
> 
> String query = "refresh_token=" + refreshToken + "client_id=" + CLIENT_ID +
> "grant_type=refresh_token" ;
> 
> //Tried all the above
> 
> 
> 
> 
> HttpPost httppost = new HttpPost( url );
> 
> httppost .addHeader( “Authorization ” , “Bearer “ + accessToken ); //401 with
> 400 without
> 
> httppost .addHeader( "Content-Type" , "application/x-www-form-urlencoded" );
> 
> 
> 
> ByteArrayEntity entity = new ByteArrayEntity( query .getBytes());
> 
> httppost .setEntity( entity );
> 
> HttpResponse response = httpclient .execute( httppost );
> 
> 
> 
> 
> int status = response .getStatusLine().getStatusCode();
> 
> 
> 
> 
> if ( status == HttpStatus. SC_OK ){
> 
> InputStream stream = null ;
> 
> 
> 
> 
> try {
> 
> stream = response .getEntity().getContent();
> 
> 
> 
> 
> ObjectMapper mapper = new ObjectMapper();
> 
> token = mapper .readValue( stream , JWSToken. class );
> 
> } finally {
> 
> if ( stream != null ){
> 
> stream .close();
> 
> }
> 
> }
> 
> } else {
> 
> throw new InvalidTokenException() ;
> 
> }
> 
> 
> 
> return token ;
> 
> }
> 
> 
> 
> 
> 
> 
> 
> Causeway is committed towards reducing its carbon footprint. Please consider
> the environment before printing this email.
> 
> 
> 
> 
> Disclaimer Notice :-
> 
> The message and any attachments contained in this e-mail are intended for the
> named recipient(s) only. It may contain privileged or confidential
> information or information which is exempt from disclosure under the
> applicable laws. If you are not the intended recipient(s), you must not
> read, print, retain, copy distribute, forward or take any or refrain from
> taking any action in reliance on it or any of its attachments. If you have
> received or have been forwarded this e-mail in error, please notify us
> immediately by return e-mail or telephone (+44 (0)1628 552000) and delete
> this message from the computer or any other data-reading device in its
> entirety.
> 
> Please advise us immediately if you do not or your employer does not consent
> to Internet e-mail for messages of this nature.
> 
> Internet communications cannot be guaranteed to be secure and error-free as
> the information could be intercepted, corrupted, lost, arrive late or
> contain viruses. The sender and this Company therefore do not and shall not
> accept any liability or responsibility of whatsoever nature in the context
> of this message and its attachment(s) which arises as a result of Internet
> transmission. Opinions, conclusion, representations, views and such other
> information in this message that do not relate to the official business of
> this Company shall be understood as neither given nor endorsed by it.
> 
> Registered Office: Comino House, Furlong Road, Bourne End, Buckinghamshire,
> SL8 5AQ
> Registered in England No: 3921897 www.causeway.com
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list