[keycloak-user] keycloak-gatekeeper and token refresh

[Alex Chatziparaskewas]

Hi All,

We are using keycloak-gatekeeper to secure some server side application, however, we are having troubles with refreshing its access token.

Keycloak-gatekeeper stores its access/refresh tokens in server side cookies (kc-access / kc-state). Information about the access token can be obtained via the /oauth/token service.

I have now added logging to the client to show for how long the access token is valid. What I see: the number is slowly getting negative, /oauth/expired even says that the access token is expired. Regardless of the 'enable-refresh-tokens' setting, the access token is not refreshed by the keycloak-gatekeeper. Instead after some additional time - the expiry time long showing negative numbers, maybe once the refresh token is also almost expired - the application is delegated to the login sequence at which time (the refresh token still seems to be valid) a new access token is created and the application ends up on its 'home screen'.

Question: how to explicitely ask keycloak-gatekeeper to refresh the access token? As the access token is kept in some server side cookie keycloak-gatekeeper must do this.

Thanks & Regards,
Alex