[keycloak-user] Offline tokens clients best practice

[Haim Vana]

Hi,

We noticed that when working with offline tokens the same client that generated the offline token must be the one that will generate an access token from it, if we use different client we getting an error message.

This approach might be problematic since we have users that want to use multiple applications and the shouldn't be aware of the client id or from which application they generated the offline token.

So we would like to use single client for generating the offline tokens and generating access tokens from them for all of our applications, is it the best practice ? any known disadvantages to that approach ?


Thanks,
Haim.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.