[keycloak-user] Bearer Only Application and refresh token
Bill Burke
bburke at redhat.com
Mon Nov 10 10:51:32 EST 2014
On 11/10/2014 9:48 AM, Davide Ungari wrote:
> Hi,
> following some of your suggestions I designed an application composed of a:
> 1- frontend web application
> 2- backend REST API
>
What is your frontend web app? Javascript (GWT or Angular JS or jQuery)?
> The frontend has a servlet-proxy to the backend REST API to avoid cross
> domain problems.
>
Take a look at the CORS spec and also Keycloak's support for it. You
don't need a servlet proxy.
> The backend has a bearer-only configuration.
>
>
> Everything is working until the token does not expire, I tried to force
> refresh when I receive 401 status but it does not work.
>
Do you mean everything works until the token expires?
> What is supposed to be done every time the access tokens expire?
>
Whoever obtained the access token is responsible for refreshing it. If
your web application is a Javascript app, then you can use the
keycloak.js library which will handle refreshing tokens. Combine this
with CORS if you need to invoke backend REST services that are on
another domain. There's a few examples in the distro that show how to
do this.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
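An added example (not from this thread or from the Keycloak distro examples) of the client-side refresh described above: the browser app that obtained the token, not the bearer-only backend, refreshes it through a keycloak.js-style adapter before each call and retries once on 401. The adapter and backend below are constructed stand-ins so the code runs offline; only the `token` property and `updateToken(minValidity)` mirror the real keycloak.js adapter.

```javascript
// Refresh the access token if it expires within 30 s, then call the backend
// with a Bearer header. A 401 means the backend rejected the token (e.g. it
// expired server-side), so force one refresh and retry once; a second 401 is
// returned to the caller instead of looping.
async function callBackend(kc, fetchFn, url, retried = false) {
  // keycloak.js: updateToken(-1) forces a refresh, otherwise it refreshes
  // only when fewer than minValidity seconds remain.
  await kc.updateToken(retried ? -1 : 30);
  const res = await fetchFn(url, { headers: { Authorization: 'Bearer ' + kc.token } });
  if (res.status === 401 && !retried) {
    return callBackend(kc, fetchFn, url, true);
  }
  return res;
}

// Constructed stand-in for the keycloak.js adapter: tokens are numbered and a
// refresh issues the next one. `expiresIn` models seconds of validity left.
function makeFakeAdapter(expiresIn) {
  let n = 1;
  return {
    token: 'tok' + n,
    refreshes: 0,
    async updateToken(minValidity) {
      if (minValidity === -1 || expiresIn < minValidity) {
        n += 1;
        this.token = 'tok' + n;
        this.refreshes += 1;
        expiresIn = 300;
        return true;  // token was refreshed
      }
      return false;   // token still valid, nothing done
    },
  };
}

// Constructed stand-in for the bearer-only backend: it only validates the
// presented token and never refreshes anything (that is the client's job).
function makeFakeBackend(validTokens) {
  return async (url, opts) => {
    const auth = (opts.headers && opts.headers.Authorization) || '';
    const tok = auth.replace(/^Bearer /, '');
    return validTokens.has(tok) ? { status: 200, token: tok } : { status: 401, token: tok };
  };
}
```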