[keycloak-user] Offline token used to get access token - keycloak return 400
Mariusz Chruscielewski - Info.nl
mariusz at info.nl
Wed Apr 12 11:44:50 EDT 2017
Hi. We are using offline refresh tokens in our app. I see strange behaviour that I can't understand:
Keycloak version: 2.5.5
First we do login request:
http://keycloak/auth/realms/vi/protocol/openid-connect/token
using password grant type, credentials and scope=offline_access
Then we wanted to test what happens when keycloak server is restarted (because of deployment, outage, whatever)
Next we do refresh call using refresh_token (offline token):
http://keycloak/auth/realms/vi/protocol/openid-connect/token
grant_type=refresh_token&client_id=vinl&refresh_token={offline_refresh_token}
We get 200 response with access_token in it
When we try to use it to get user-details:
http://keycloak/auth/realms/vi/protocol/openid-connect/userinfo
using an Authorization header with the access_token obtained via the refresh_token:
Authorization: Bearer {Access_token}
we get 400:
{
"error": "invalid_request",
"error_description": "User session not found"
}
Can you please tell me if I'm doing something wrong or if it is a Keycloak bug?
After a restart of KC there are no active sessions, but I can see that the offline tokens are still there (in the admin console).
Why does it return 400?
Thanks in advance
Mariusz Chruścielewski
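The three-step exchange described above (password grant with scope=offline_access, refresh with the offline token after a restart, then userinfo with the new access token), as an added reproduction script that is not part of the original message or of Keycloak. It uses only the Python standard library, takes the realm "vi" and client "vinl" from the post as defaults, and reads the Keycloak host and the test user's credentials from environment variables (KC_BASE, KC_USER, KC_PASS are assumed names).

```python
import json
import os
import urllib.parse
import urllib.request
from urllib.error import HTTPError

BASE = os.environ.get("KC_BASE", "http://keycloak/auth")  # placeholder host from the post
REALM = os.environ.get("KC_REALM", "vi")
CLIENT_ID = os.environ.get("KC_CLIENT", "vinl")
TOKEN_URL = f"{BASE}/realms/{REALM}/protocol/openid-connect/token"
USERINFO_URL = f"{BASE}/realms/{REALM}/protocol/openid-connect/userinfo"

def password_grant_form(username, password, client_id=CLIENT_ID):
    """Step 1: password grant with scope=offline_access to obtain an offline token."""
    return {"grant_type": "password", "client_id": client_id, "username": username,
            "password": password, "scope": "offline_access"}

def refresh_grant_form(offline_refresh_token, client_id=CLIENT_ID):
    """Step 2: refresh_token grant presenting the offline token from step 1."""
    return {"grant_type": "refresh_token", "client_id": client_id,
            "refresh_token": offline_refresh_token}

def classify_userinfo(status, body):
    """Step 3: 'session_lost' is the 400 / invalid_request / 'User session not found'
    body quoted in the post; any other non-200 reply is 'other'."""
    if status == 200:
        return "ok"
    if (status == 400 and body.get("error") == "invalid_request"
            and body.get("error_description") == "User session not found"):
        return "session_lost"
    return "other"

def call(url, form=None, bearer=None):
    """POST a form, or GET with a bearer token; return (status, parsed JSON body)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    headers = {"Authorization": f"Bearer {bearer}"} if bearer else {}
    req = urllib.request.Request(url, data=data, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:  # Keycloak's 400 carries the JSON error body
        raw = err.read()
        return err.code, json.loads(raw) if raw else {}

def run(username, password):
    _, login = call(TOKEN_URL, form=password_grant_form(username, password))
    input("Restart Keycloak now, then press Enter to refresh with the offline token...")
    _, refreshed = call(TOKEN_URL, form=refresh_grant_form(login["refresh_token"]))
    return classify_userinfo(*call(USERINFO_URL, bearer=refreshed["access_token"]))
```

Call `run(os.environ["KC_USER"], os.environ["KC_PASS"])` against a test realm; a result of `session_lost` reproduces the behaviour described in the post.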