[keycloak-user] Refreshing Tokens

Christopher Davies christopher.james.davies at gmail.com
Sat Aug 20 03:52:16 EDT 2016


I am adding Keycloak to a legacy application that uses GWT and Jetty.
I have managed to add Keycloak to the application using Spring-security.
Because this is GWT I am doing the authorisation in the application myself.
Spring just provides a way to get access to the KeycloakSecurityContext.

The issue I have is refreshing the token. I can get hold of
a RefreshableKeycloakSecurityContext instance
and use that to get a refresh token. What surprised me is that I cannot
refresh a token if the roles have changed.
Is this correct? I was hoping that the application could notice the role
changes and adapt itself on the fly.

I do not want to have to log out to get the new roles if at all possible. Is
there something that I have overlooked that will allow
me to use the idToken to get a new accessToken given that the
authentication of the user is still valid, it is just the roles the user is
in that have changed?


Thanks

Chris