[keycloak-user] Key Rotation

Shetty, Shweta Shweta.Shetty at Teradata.com
Mon Apr 15 12:27:51 EDT 2019


Hi Folks,
As per the security need, we need to provide the functionality of rotating keys. The access token is using RS256 as the key algorithm, but it looks like Keycloak signs the refresh token with a different algorithm, using HMAC (HS256). We have a use case of offline tokens and would like to get a new offline token when the key rotates. Is it possible to sign the refresh token with the same key as the access token? The problem is we can only revoke the refresh token – there is no way to rotate the refresh token key. Please advise. What do folks usually do?

Shweta
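The question above turns on two header fields of a JWT: `alg` (RS256 for the access token, HS256 for the refresh token) and `kid` (which key signed it). The script below is an added illustration, not Keycloak code and not part of the original post: it builds a constructed HS256 token, reads the unverified header to decide which policy applies, and rejects tokens whose `kid` is no longer in the active set after a rotation, or whose `alg` is not the one expected for that token type. The key ids, secret and claims are made-up sample values.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used in JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_token(header: dict, payload: dict, secret: bytes) -> str:
    """Constructed sample token for the demo; this is NOT how Keycloak issues tokens."""
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def peek_header(token: str) -> dict:
    """Read the JOSE header WITHOUT verifying the signature.
    Only used to pick a key/alg policy; never trust claims from here."""
    return json.loads(b64url_decode(token.split(".")[0]))


def verify_hs256(token: str, secret: bytes) -> bool:
    """Constant-time HMAC check of an HS256 token against the given secret."""
    head, body, sig = token.split(".")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))


def check_token_policy(token: str, expected_alg: str, active_kids: set):
    """Rotation-aware acceptance check.

    Returns (ok, reason). A token is rejected when its alg is not the one the
    caller expects for this token type (guards against alg confusion) or when
    its kid refers to a key that has been rotated out of the active set.
    """
    header = peek_header(token)
    alg = header.get("alg")
    if alg != expected_alg:
        return False, f"alg {alg!r} does not match expected {expected_alg!r}"
    kid = header.get("kid")
    if kid not in active_kids:
        return False, f"kid {kid!r} is not an active key (rotated out?)"
    return True, "ok"


# Hypothetical key ids and secret; a real deployment takes these from its key store.
SECRET_CURRENT = b"constructed-hmac-secret-2019-04"
KID_CURRENT = "hmac-2019-04"
KID_RETIRED = "hmac-2018-10"

# Constructed refresh-style token signed under the current key id.
REFRESH_CURRENT = make_hs256_token(
    {"alg": "HS256", "typ": "JWT", "kid": KID_CURRENT},
    {"typ": "Offline", "sub": "user-123", "iss": "https://idp.example/realms/demo"},
    SECRET_CURRENT,
)

# Same shape, but carrying a kid that rotation has already retired.
REFRESH_RETIRED = make_hs256_token(
    {"alg": "HS256", "typ": "JWT", "kid": KID_RETIRED},
    {"typ": "Offline", "sub": "user-123", "iss": "https://idp.example/realms/demo"},
    b"constructed-hmac-secret-2018-10",
)

if __name__ == "__main__":
    active = {KID_CURRENT}
    print(check_token_policy(REFRESH_CURRENT, "HS256", active))   # accepted
    print(check_token_policy(REFRESH_RETIRED, "HS256", active))   # kid rotated out
    print(check_token_policy(REFRESH_CURRENT, "RS256", active))   # wrong alg for an access token
    print(verify_hs256(REFRESH_CURRENT, SECRET_CURRENT))           # True
```

The point of keeping the `kid` check separate from signature verification is that it gives the resource server a decision it can act on at rotation time: a token whose `kid` has left the active set is treated as expired and the client is sent back to the identity provider, which is the behaviour the post asks for in the offline-token case.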



