[keycloak-user] Same user with multiple sessions/tokens?

Amaeztu amaeztu at tesicnor.com
Thu Jun 1 14:37:31 EDT 2017


Hello, 

I guess you should use the refresh token. The more you send the credentials over the network, the worse it is for security, as you increase the chances of somebody obtaining them.

Sent from my Sony Xperia™ phone

---- rafterjiang wrote ----

>Hello,
>
>I am using the Keycloak OpenID endpoint to retrieve an access token from the
>Keycloak server using Direct Access Grant mode. I found that each time a NEW
>request is made using the SAME user account/credential, Keycloak returns a
>*NEW* access token. (So I can see the same user with multiple sessions)
>
>In this way, I am not sure if a refresh token is still needed, because we
>can basically get a new token for each request and NOT care about the
>expiration?
>
>Is this expected? Is the same user supposed to have many access tokens? Are
>there any potential issues with working this way?
>
>thanks,
>R
>
>
>
>--
>View this message in context: http://keycloak-user.88327.x6.nabble.com/Same-user-with-multiple-sessions-tokens-tp3937.html
>Sent from the keycloak-user mailing list archive at Nabble.com.
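
The pattern recommended in the reply, as an added example that is not part of the original thread: the credentials are sent once with the password grant, and later access tokens are obtained with the refresh token. The endpoint URL, client ID, public client (no client secret), user name and the `TokenSession` and `demo` names are assumptions, and the token endpoint is replaced by a constructed stand-in so the code runs offline.

```python
import time
from urllib.parse import parse_qs, urlencode

# Placeholder endpoint and client (assumed, not from the thread).
TOKEN_URL = "https://sso.example.test/auth/realms/demo/protocol/openid-connect/token"
CLIENT_ID = "demo-client"

class TokenSession:
    """Password grant once, then refresh_token grant; the password is never stored."""
    def __init__(self, post, username, password, clock=time.time, skew=10):
        self._post, self._clock, self._skew = post, clock, skew
        # The only request that carries the user's credentials.
        self._request({"grant_type": "password", "client_id": CLIENT_ID,
                       "username": username, "password": password})

    def _request(self, form):
        now = self._clock()
        self._tokens = self._post(TOKEN_URL, urlencode(form))
        self._access_exp = now + self._tokens["expires_in"]
        self._refresh_exp = now + self._tokens["refresh_expires_in"]

    def access_token(self):
        now = self._clock()
        if now < self._access_exp - self._skew:
            return self._tokens["access_token"]  # still valid: no network request
        if now >= self._refresh_exp - self._skew:
            raise RuntimeError("refresh token expired; a new login is required")
        self._request({"grant_type": "refresh_token", "client_id": CLIENT_ID,
                       "refresh_token": self._tokens["refresh_token"]})
        return self._tokens["access_token"]

def demo():
    """Runs against a constructed stand-in for the token endpoint."""
    sent, now = [], [1000.0]
    def post(url, body):  # records each form body, returns a constructed response
        sent.append(parse_qs(body))
        n = len(sent)
        return {"access_token": f"at-{n}", "refresh_token": f"rt-{n}",
                "expires_in": 300, "refresh_expires_in": 1800}
    session = TokenSession(post, "alice", "constructed-password", clock=lambda: now[0])
    tokens = [session.access_token()]
    now[0] += 400  # access token has expired, refresh token has not
    tokens.append(session.access_token())
    return tokens, sent

if __name__ == "__main__":
    print(demo())
```

In the recorded requests, only the first form body contains `username` and `password`; the renewal carries the refresh token alone and stays within the one session created at login.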
