[keycloak-user] Newbie question about session last access time updating.

Joe Thielen joe at joethielen.com
Wed Aug 17 11:30:29 EDT 2016


Hello all.  I am new to both Keycloak and OpenID Connect.  Keycloak looks
like a fantastic project and thanks to all who've put in work on it.

I love that Keycloak can be set up to save events (login/logout/etc...).  I
love that there is a way to administratively log out user sessions.  All
this is great.  My question is, what is the proper procedure to update the
session's "Last Access" if I want it to be updated on every page request by
a user?  In some cases I have strict application requirements where it's
important to know exactly when the user last did something.  So I can't
just log them in and periodically do a refresh to keep the session going.
I want to update the session every time the user does something (i.e.,
every page request or API request).

Maybe this is overkill for most applications.  Like I said, I'm new to both
Keycloak and OpenID Connect.  I've figured out how to do the authorization
flow, request user info, and logout.  And I think I've figured out how to
update the session in such a manner that it does update the last access
time.  However, I'm not sure I'm doing it correctly...

Here is an example using curl of what I've been doing to keep the last
access time updated:

curl -s --data
"grant_type=refresh_token&client_id=CLIENTID&client_secret=CLIENTSECRET&refresh_token=REFRESHTOKEN"
"https://HOSTNAME:8443/auth/realms/REALMNAME/protocol/openid-connect/token

Am I incorrectly using the refresh token here?  In reading up on the flow,
it seems like this should only be used periodically, like when the
access_token expires.

A positive side effect of this is that on every single request I'm checking
to ensure the session hasn't been administratively logged out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160817/4abf5d41/attachment.html 


More information about the keycloak-user mailing list