[keycloak-user] always-refresh-token and admin rest api

Benjamin Hansmann [alphaApps] b.hansmann at alphaapps.de
Fri Apr 17 07:30:35 EDT 2015


Greetings. Following up on my post from yesterday, I have more specific
questions.

I plan to use keycloak with my REST service for mobile apps as follows:

Option A:
1 A user sends a REST registration request to my webapp and the webapp
adapts the request to the local keycloak admin rest api.
2 When the user is created he can then authenticate to keycloak via the
direct access grant rest api and receives an access token.
3 The issued access token should be valid for only one request, thus I
specified the option "always-refresh-token": true in my webapp's
keycloak.json file.

Option B:
1 Mobile app forms the HTTP POST request to the user registration page.
2 and 3 as in Option A

Option C:
1 Use a user federation provider and create users in my webapp's
datasource.
2 and 3 as in Option A

Question regarding all options:
How is the "always-refresh-token" option supposed to work? I supplied
the option as stated above but I am still able to reuse access tokens
that were issued from the direct access grant service. Another question
is how this token refreshing should be implemented on the client side.
Do I have to invoke the direct access grant api to obtain a new token
for every request or can the issued "refresh_token" be used on
subsequent requests and a new refresh token is somehow included in the
response of my service?

Question regarding option C:
When creating users in my own database which serves as a federation
provider I lose some keycloak functionality like Email verification and
so on, right?

I am also not sure which option to use. What would you suggest?

Feature request:
It would be great to have a keycloak REST API for registration and user
self-service in order to fulfill the demands of mobile applications.

Best regards,
Benjamin
-- 

[alphaApps] mobile development

Benjamin Hansmann

Nosthoffenstraße 46
D-40589 Düsseldorf
Germany

Mobile: +49 (0) 177 249 47 47
Email: b.hansmann at alphaapps.de


