[keycloak-user] Unable To Use Refresh Token

Andrew Zenk azenk at umn.edu
Mon Mar 6 09:01:47 EST 2017


Have you increased the owner count for the various caches to something
greater than 1?

On Mar 6, 2017 7:56 AM, "Sagar Ahire" <sagarahire at arvindinternet.com> wrote:

> Hello,
>
> I've deployed keyclock 2.4.0 in a kubernetes environment. While refreshing
> the access token I'm getting following response.
> {'error': 'invalid_grant', 'error_description': 'Client session not
> active'}.
>
> Here is what I did:
> Step1: First, I generated three access tokens and refresh tokens
> (rf1,rf2,rf3), then I used this refresh_tokens to refresh the access
> tokens. I got the access tokens successfully for all three requests.
> (Successful scenario)
>
> Step2: I restarted some of the pods from the keyclock cluster, I tried to
> refresh the access tokens using the same refresh tokens(rf1,rf2,rf3) again,
> using rf1 I could refresh the access token but using rf2,rf3 I got the
> response mentioned above ('client session not active'). I made sure rf2 and
> rf3 are not expired.
>
> I'm unable to use refresh token even though it is not expired. I suspect
> session created on one pod is not properly shared between all the members
> of a cluster and I'm loosing the session if one of my pod is restarted or
> goes down.
>
> Can someone please suggest any solution for this? Any help would be greatly
> appreciated.
>
>
>
>
> regards,
>  -Sagar
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list