[keycloak-user] Offline token used to get access token - keycloak return 400
Sebastien Blanc
sblanc at redhat.com
Wed Apr 12 13:24:08 EDT 2017
This is a bug and there is ticket for it
https://issues.jboss.org/browse/KEYCLOAK-4521
Le mer. 12 avr. 2017 à 19:16, Mariusz Chruscielewski - Info.nl <
mariusz at info.nl> a écrit :
> Hi. We are using offlice refresh tokens in our app. I see strange
> behaviour that I can't undestand:
>
>
> Keycloak version: 2.5.5
>
>
> First we do login request:
>
> http://keycloak/auth/realms/vi/protocol/openid-connect/token
>
> using password grant type, credentials and scope=offline_access
>
>
> Then we wanted to test what happens when keycloak server is restarted
> (because of deployment, outage, whatever)
>
>
> Next we do refresh call using refresh_token (offline token):
>
> http://keycloak/auth/realms/vi/protocol/openid-connect/token
>
>
> grant_type=refresh_token&client_id=vinl&refresh_token={offline_refresh_token}
>
>
> We get 200 response with access_token in it
>
>
> When we try to use it to get user-details:
>
> http://keycloak/auth/realms/vi/protocol/openid-connect/userinfo
>
>
> using authorization header with access_token generated by using
> refresh_token
>
> Authorization: Bearer {Access_token}
>
>
> we get 400:
>
>
> {
> "error": "invalid_request",
> "error_description": "User session not found"
> }
>
>
>
> Can you please tell me if I'm doing something wrong or is it a Keycloak
> bug.
>
>
> After restart of KC, there is no active sessions, but I can see that
> offline tokens are there (in admin console)
>
>
> Why does it return 400?
>
>
> Thanks in advance
>
> Mariusz Chruścielewski
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list