[keycloak-user] Clarification regarding Offline Token

Marek Posolda mposolda at redhat.com
Thu Nov 12 03:24:09 EST 2015


You can use that in browser application with authorization_code too. 
That's not a problem.

For refresh_token you can't at this point. The offline token itself is 
special kind of refresh token (It's refresh token which never expires). 
So if you send refresh request with offline token, you will 
automatically receive new offline token. Otherwise if you send refresh 
request with "classic" refresh token, you will receive another classic 
refresh token. I suggest to look at documentation 
http://keycloak.github.io/docs/userguide/keycloak-server/html/timeouts.html#offline-access 
and try the example (referenced from documentation). The example is 
browser application and it uses authorization_code .

Marek

On 11/11/15 19:19, robinfernandes . wrote:
> Hi All,
>
> Just wanted a clarification regarding generation of offline tokens.
>
> 1. Can we use the *grant_type = authorization_code* or*grant_type = 
> refresh_token* to get the offline tokens? Or is it only available for 
> grant_type = password & grant_type = client_credentials?
>
> 2. Is there a way to give offline token to a particular user without 
> using direct access grants?
>
> Thanks,
> Robin
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151112/46a26e0c/attachment.html 


More information about the keycloak-user mailing list