[keycloak-user] Refreshing ID token and sliding session

Olga Bon androidkernelhacker at gmail.com
Wed Jan 9 08:05:33 EST 2019


I am studying Keycloak and the related protocols OpenID & OAuth2. Everything is
clear except one thing: how to maintain a sliding session for a logged-in
user. Maybe I misunderstand something.

   1. The Authorization Flow first of all redirects the user to the Keycloak
   login page; after a successful login the user is redirected to the redirect
   URL with the authorization code.
   2. Using this authorization code, a server-side application connects to
   the Keycloak server and exchanges the code (also sending the client id,
   secret, etc.) for the Access token and the ID token.
   3. The Access token is used by the server-side application itself in order
   to retrieve details from the Keycloak server, like additional user info,
   the public key, etc. So the Access token is used by applications only.
   4. The server-side application sets a cookie with the received ID token.
   Now the user can access protected resources.

All in all we have

   1. Access token: stored on the server side and used only by applications
   or services to retrieve additional info from Keycloak.
   2. Refresh token: stored on the server side and used only by applications
   or services to get a new Access token.
   3. ID token: stored in the user's cookies and used to access protected
   resources of the system.

My question is: how can the ID token be refreshed? Consider the following
case: a user is logged in and doing some actions in the system, but
suddenly the token expires. How should this case be handled? I have
implemented my own flow, called the Sliding session, so the token gets
refreshed whenever a request is made; however, I don't know how to handle this
case with Keycloak.

I would be grateful for any help regarding the matter.
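An added example, not part of the original message, of one way to implement the sliding session described above on top of Keycloak's standard refresh-token grant: on each request the server-side application checks how long the ID token in the cookie has left and, when it is about to expire, posts the server-held refresh token to the realm's token endpoint, which returns a new access token, refresh token and ID token (the ID token is included when the openid scope was granted). The realm, client id, client secret and endpoint URL are assumed placeholders; the `post` parameter is a hypothetical injection point so the code runs offline.

```python
import base64, json, time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumed deployment values, constructed for this example (not from the post).
TOKEN_ENDPOINT = "https://keycloak.example.com/realms/demo/protocol/openid-connect/token"
CLIENT_ID, CLIENT_SECRET = "webapp", "replace-with-client-secret"
REFRESH_MARGIN = 60  # refresh when fewer than this many seconds remain

def make_demo_token(exp):
    """UNSIGNED sample JWT so the example runs offline. Real ID tokens arrive
    signed from Keycloak; an application must never mint its own."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp, 'sub': 'demo-user'})}."

def jwt_expiry(token):
    """Read the 'exp' claim. The signature is assumed to have been verified
    against the realm's public key when the token was first accepted."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

def needs_refresh(id_token, now=None):
    now = time.time() if now is None else now
    return jwt_expiry(id_token) - now < REFRESH_MARGIN

def refresh_tokens(refresh_token, post=None):
    """Refresh-token grant: the server-held refresh token buys a new access,
    refresh and ID token. `post(url, body)` is injectable for offline tests."""
    body = urlencode({"grant_type": "refresh_token", "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET,
                      "refresh_token": refresh_token}).encode()
    if post is None:
        def post(url, data):
            req = Request(url, data=data, headers={
                "Content-Type": "application/x-www-form-urlencoded"})
            with urlopen(req) as resp:
                return json.load(resp)
    return post(TOKEN_ENDPOINT, body)

def slide_session(session, now=None, post=None):
    """Per-request hook: if the cookie's ID token is about to expire, refresh
    the whole token set. Only the ID token goes back into the cookie."""
    if not needs_refresh(session["id_token"], now):
        return session
    fresh = refresh_tokens(session["refresh_token"], post)
    session["id_token"] = fresh["id_token"]          # new cookie value
    session["access_token"] = fresh["access_token"]  # stays on the server
    session["refresh_token"] = fresh.get("refresh_token", session["refresh_token"])
    return session
```

Because the refresh token never leaves the server, the cookie only ever carries the short-lived ID token, and the session ends naturally once the realm's refresh-token lifetime (Keycloak's SSO session idle/max settings) runs out.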

