[keycloak-user] Refresh token - should it expire?
Stian Thorgersen
sthorger at redhat.com
Wed Oct 14 00:46:54 EDT 2015
Yes, clients and users have to have permissions to use offline tokens.
Further the client has to explicitly request offline tokens using a scope
query param.
On 13 October 2015 at 20:34, Scott Rossillo <srossillo at smartling.com> wrote:
> Will the option to create an offline token be client specific? For
> example, client A should follow realm-wide expirations but client B should
> be able to issue offline refresh tokens.
>
> Scott Rossillo
> Smartling | Senior Software Engineer
> srossillo at smartling.com
>
> [image: Powered by Sigstr] <http://www.sigstr.com/>
>
> On Aug 18, 2015, at 7:14 AM, Juraci Paixão Kröhling <juraci at kroehling.de>
> wrote:
>
> Sounds good, thanks!
>
> - Juca.
>
> On 08/18/2015 12:52 PM, Stian Thorgersen wrote:
>
> We still aim to get this included in 1.5, which is scheduled for early
> September. It may slip to 1.6 which is scheduled for early October.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151014/e1fc46a3/attachment.html
More information about the keycloak-user
mailing list