[keycloak-user] Keycloak token and refresh token
Bill Burke
bburke at redhat.com
Wed Mar 11 23:06:02 EDT 2015
access token used to securely invoke remote apps. refresh token to
refreesh the access token. You have to call the auth-server's refresh
endpoint though and provide client credentials (not user credentials).
AccessTokenResponse has info about when the access token will expire.
On 3/11/2015 4:45 PM, Emil Posmyk wrote:
> Hi all
>
> I did some research about refreshing the tokens and now I know how to do
> this, but more important question is how should I use it. For example:
> when we have an object AccessTokenResponse then we can use token
> (String) or refresh token (this is used also for logout), first will be
> active eg: 5 minuts, but refresh token will be active forever (there is
> no expiration time if I understood correctly). But should I use refresh
> token to authenticate application or maybe only token with expiration
> should be used ?
>
> Other case is that I have a method for getting a map with access token.
> I used for that refresh token to get it. This access token now should be
> used as a new token and it is right way ?
>
>
>
> /
> regards/
> /--/
> /Emil Posmyk
> /
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list