[keycloak-user] Unable To Use Refresh Token

Sagar Ahire sagarahire at arvindinternet.com
Mon Mar 6 08:48:41 EST 2017


Hello,

I've deployed Keycloak 2.4.0 in a Kubernetes environment. While refreshing
the access token I'm getting the following response.
{'error': 'invalid_grant', 'error_description': 'Client session not
active'}.

Here is what I did:
Step 1: First, I generated three access tokens and refresh tokens
(rf1, rf2, rf3), then I used these refresh tokens to refresh the access
tokens. I got the access tokens successfully for all three requests.
(Successful scenario)

Step 2: I restarted some of the pods from the Keycloak cluster, then I tried to
refresh the access tokens using the same refresh tokens (rf1, rf2, rf3) again.
Using rf1 I could refresh the access token, but using rf2 and rf3 I got the
response mentioned above ('Client session not active'). I made sure rf2 and
rf3 are not expired.

I'm unable to use the refresh token even though it is not expired. I suspect
the session created on one pod is not properly shared between all the members
of the cluster and I'm losing the session if one of my pods is restarted or
goes down.

Can someone please suggest any solution for this? Any help would be greatly
appreciated.




regards,
 -Sagar
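
Added example, not part of the original post and not Keycloak code: a small offline triage helper for the failure reported above, separating "refresh token past its lifetime" from "token still valid but rejected by the server". It assumes the refresh token is a compact JWT carrying `exp` and `session_state` claims; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage_refresh_failure(refresh_token, error_body, now=None):
    """Return (verdict, session_state) for a failed refresh_token grant."""
    now = time.time() if now is None else now
    claims = jwt_claims(refresh_token)
    session = claims.get("session_state")  # assumed claim name
    if error_body.get("error") != "invalid_grant":
        return ("other_error", session)
    exp = claims.get("exp")
    if exp is not None and exp <= now:
        return ("token_expired", session)
    # The token is still inside its lifetime, so the rejection comes from
    # server-side state, e.g. the session the token refers to is gone.
    return ("server_session_missing", session)


def _constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


NOW = 1488808121  # constructed timestamp
ERROR = {"error": "invalid_grant",
         "error_description": "Client session not active"}  # body from the post
RF2 = _constructed_token({"exp": NOW + 1800, "session_state": "sample-session-2"})
RF_OLD = _constructed_token({"exp": NOW - 60, "session_state": "sample-session-old"})

if __name__ == "__main__":
    print(triage_refresh_failure(RF2, ERROR, NOW))
    print(triage_refresh_failure(RF_OLD, ERROR, NOW))
```

The returned session identifier is the value to compare against the sessions the server still knows about after a restart.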

