[keycloak-user] Client setup recommandation

[Stian Thorgersen]

It's all controlled by the session and there are no way to get tokens that
work for longer. Issuing offline tokens to a web application would be a
really bad idea. If you want users to remain authenticated set the idle to
a higher value. That's it.

On 25 January 2017 at 15:09, David Delbecq <david_delbecq at trimble.com>
wrote:

> Hello,
>
> we have a javascript web application we are migrating to keycloak. I am not
> sue what are the recommandations on setting up configuration for that
> client with the following requirement:
>
> Once user triggers the "login" and gets keycloak authenticated, we should
> get a bearer token to use later on REST services.
> The user should not be requested again to login, unless he logs out. Even
> if he closes his browser. So we need a way to keep or replace token on a
> regular basis. Is there some keycloak REST service we can poll on a regular
> basis for this?
> Sometimes the user goes "off grid" (no network communication) for several
> hours. How can we ensure we still keep logged in?
>
> My first idea was to just increase the SSO timeout and token validity to 30
> days. But it seems like a bad idea from my reading of keycloak
> documentation. So i tried to use an offline token instead, but it seems the
> implicit flow doesn't allow you to get an offline token. All token i get
> after login are marked as expiring within 15 minutes.
>
> What's the recommended way to get long lived refresh token, using implicit
> flow?
> --
> <http://www.trimble.com/>
> David Delbecq
> Software engineer, Transport & Logistics
> Geldenaaksebaan 329, 1st floor | 3001 Leuven
> +32 16 391 121 <+32%2016%20391%20121> Direct
> david.delbecq at trimbletl.com
> <http://www.trimbletl.com/>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>