[keycloak-user] Refresh token error
Göttlich, Thomas
thomas.goettlich at it-informatik.de
Wed Jun 21 07:14:24 EDT 2017
Hi there,
we're currently integrating two Java server applications via Keycloak and use a subclass of KeycloakOIDCFilter on the client side.
The subclassing is done mainly to facilitate configuration (which is loaded from the database) as well as some adjustments on session fixation prevention and login redirect handling.
It works well so far, with one exception: when the access token times out and needs to be refreshed, we get the following error:
- Client: [org.keycloak.adapters.RefreshableKeycloakSecurityContext] Refresh token failure status: 400 {"error":"invalid_grant","error_description":"Refresh token expired"}
- Keycloak: [org.keycloak.events] type=REFRESH_TOKEN_ERROR, realmId=our_realm, clientId=our_client, userId=null, ipAddress=127.0.0.1, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret
So far I could verify that the refresh token is not null, so it seems to either be invalid or the request is faulty.
For testing purposes we have set the following timeouts:
- SSO session idle: 1 minute
- SSO session max: 10 hours
- Access token lifespan: 1 minute
- Access token lifespan for implicit flow: 1 minute
The client has the following settings:
- Only standard flow enabled
- Access type: confidential
- Client protocol: openid-connect
Any idea what could cause that error or where we should look?
Thanks in advance,
Thomas
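
A check that can be run on the access and refresh tokens from a failing session, added here as an example and not part of the original message or of Keycloak's code: it decodes the `exp` claim of each token and reports whether the refresh token is still usable once the access token has timed out. It assumes both tokens are compact JWTs carrying `exp`; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time


def jwt_claims(token):
    """Return the payload claims of a compact JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def refresh_window(access_token, refresh_token, now=None):
    """Compare the two expiries; all durations are in seconds relative to `now`."""
    now = int(time.time()) if now is None else now
    access_exp = jwt_claims(access_token)["exp"]
    refresh_exp = jwt_claims(refresh_token)["exp"]
    return {
        "access_expires_in": access_exp - now,
        "refresh_expires_in": refresh_exp - now,
        "refresh_expired": refresh_exp <= now,
        # Seconds during which the access token is already expired while the
        # refresh token is still accepted. Zero or less means a refresh that is
        # only attempted after access token expiry cannot succeed.
        "usable_window": refresh_exp - access_exp,
    }


def _make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample: both tokens issued at t=1000 and valid for 60 seconds.
# Mapping the 1 minute settings in the message onto both `exp` values is an
# assumption made for this example, not something the message states.
ISSUED = 1000
SAMPLE_ACCESS = _make_token({"typ": "Bearer", "iat": ISSUED, "exp": ISSUED + 60})
SAMPLE_REFRESH = _make_token({"typ": "Refresh", "iat": ISSUED, "exp": ISSUED + 60})

if __name__ == "__main__":
    print(refresh_window(SAMPLE_ACCESS, SAMPLE_REFRESH, now=ISSUED + 61))
```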