I'm facing the same problem. I use JavaScript adapter and do login with a POST request to /.../protocol/openid-connect/token/ (no Keycloak login screen involved). What should I do to keep things working after a refresh fail due to lack of roles? Thanks in advance -- Sent from: http://keycloak-user.88327.x6.nabble.com/