[keycloak-user] Exception after changing roles

Bill Burke bburke at redhat.com
Wed Aug 19 21:25:36 EDT 2015


If you remove a role mapping that the old token has, the refresh token 
becomes invalid.  We should probably rethink that a little and only 
throw an error if consent from the user is required.

On 8/19/2015 10:33 AM, Thomas Raehalme wrote:
> Hi,
>
> I have been doing some experiments with Keycloak and encountered a problem:
>
> If a user is logged in and her client role mappings are changed in the
> admin UI, why is an exception thrown "User no long has permission for
> client role OLD_ROLE" when the token expires and the refresh token is
> used to acquire a new one?
>
> I was expecting the new token to contain the new set of roles, but
> instead got this error.
>
> Thanks for your help!
>
> Best regards,
> Thomas
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
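
The two behaviours discussed in this thread, as an added example that is not part of the original messages and is not Keycloak source code. It is a simplified model: the function names, the consent inputs and the reading of "only throw an error if consent from the user is required" are assumptions, and the role sets are constructed.

```python
class RefreshRejected(Exception):
    """The refresh token cannot be used; the user has to log in again."""


def validate_strict(token_roles, current_roles):
    """Behaviour reported in the thread: a role carried by the old token
    that is no longer mapped to the user invalidates the refresh token."""
    for role in sorted(token_roles):
        if role not in current_roles:
            # Message text as quoted in the thread.
            raise RefreshRejected(
                f"User no long has permission for client role {role}")


def refresh_relaxed(current_roles, consent_required, consented_roles):
    """Assumed reading of the proposal: reject only when the user would
    have to grant consent. The new token is built from the current
    mappings, so a removed role is dropped instead of raising an error."""
    new_roles = set(current_roles)
    if consent_required:
        needs_consent = new_roles - set(consented_roles)
        if needs_consent:
            raise RefreshRejected(
                "Consent required for: " + ", ".join(sorted(needs_consent)))
    return new_roles


def outcome(fn, *args):
    """Run a check and report ('ok', result) or ('rejected', message)."""
    try:
        return ("ok", fn(*args))
    except RefreshRejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed scenario: an admin swaps OLD_ROLE for NEW_ROLE while
    # the user still holds a refresh token issued with OLD_ROLE.
    old, now = {"OLD_ROLE"}, {"NEW_ROLE"}
    print(outcome(validate_strict, old, now))
    print(outcome(refresh_relaxed, now, False, set()))
    print(outcome(refresh_relaxed, now, True, {"OLD_ROLE"}))
    # Removal only: nothing new to consent to, so the refresh succeeds.
    print(outcome(refresh_relaxed, {"user"}, True, {"OLD_ROLE", "user"}))
```

In both variants a removed role never reaches the new token; they differ only in whether the removal ends the session.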

