Details
Feature Request
Resolution: Done
Major
Description
To reproduce the error:
1. Log in to shoot'nshare with Keycloak
2. Have the tokens stored securely in keychain
3. Close your app
4. Wait for 5 mins
5. Open it back
6. Try to upload picture
... and boom 400
Here is the refresh request
POST /auth/realms/shoot-realm/tokens/refresh HTTP/1.1
Host: 192.168.0.37:8080
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Accept: */*
User-Agent: Shoot/1 CFNetwork/711.0.6 Darwin/14.0.0
Content-Length: 667
Accept-Language: en-us
Accept-Encoding: gzip, deflate

refresh_token=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIwMGY4OTdlNC03MWVhLTQ3Y2MtOWQ3My1kZmVlNDg3MWQ3ZGIiLCJleHAiOjE0MTMzNjg0NDUsIm5iZiI6MCwiaWF0IjoxNDEzMzY3ODQ1LCJpc3MiOiJzaG9vdC1yZWFsbSIsInN1YiI6IjYzNDg2MzA3LWUzNTUtNDAyMS1hNjRlLTk1ODFiZmNmNWFlMSIsInR5cCI6IlJFRlJFU0giLCJhenAiOiJzaG9vdC10aGlyZC1wYXJ0eSIsInNlc3Npb25fc3RhdGUiOiJjMWNmNDIzMi02ZjFhLTQ0ODgtOGQzZS1hYzk3OTU5NzhiOWMiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsidXNlciJdfSwicmVzb3VyY2VfYWNjZXNzIjp7fX0.Q7KK_5vjqISkhnUVnuyDJzzlTZ-zSxkD6cV759snRPf6XtEGhrwV1l07Anf6Og99VTRNKK7JvPt9Yx-a7Cw9ZlNS88PmqU9HmaFwSx9Olnij0rpclfLbqQuq_nHd5pSV_gq1mygbNuQsOB0BKBEpW51FzvIMbDZt3UyLQzcWNNc&grant_type=refresh_token&client_id=shoot-third-party
and its response:
HTTP/1.1 400 Bad Request
Connection: keep-alive
X-Powered-By: Undertow/1
Server: WildFly/8
Transfer-Encoding: chunked
Content-Type: application/json
Date: Wed, 15 Oct 2014 14:16:44 GMT
==> Error linked to KC; from the spec, not sure a refresh token should expire
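Added example, not part of the original report and not Keycloak or Shoot'nShare code: decoding the claims segment of the refresh token captured above shows its lifetime and how far past `exp` it was when the server answered. The function names and the 30-second skew margin are assumptions made for this sketch.

```python
import base64
import json
from email.utils import mktime_tz, parsedate_tz

# Claims (middle) segment of the refresh_token in the request above.
REFRESH_PAYLOAD = (
    "eyJqdGkiOiIwMGY4OTdlNC03MWVhLTQ3Y2MtOWQ3My1kZmVlNDg3MWQ3ZGIiLCJleHAi"
    "OjE0MTMzNjg0NDUsIm5iZiI6MCwiaWF0IjoxNDEzMzY3ODQ1LCJpc3MiOiJzaG9vdC1y"
    "ZWFsbSIsInN1YiI6IjYzNDg2MzA3LWUzNTUtNDAyMS1hNjRlLTk1ODFiZmNmNWFlMSIs"
    "InR5cCI6IlJFRlJFU0giLCJhenAiOiJzaG9vdC10aGlyZC1wYXJ0eSIsInNlc3Npb25f"
    "c3RhdGUiOiJjMWNmNDIzMi02ZjFhLTQ0ODgtOGQzZS1hYzk3OTU5NzhiOWMiLCJyZWFs"
    "bV9hY2Nlc3MiOnsicm9sZXMiOlsidXNlciJdfSwicmVzb3VyY2VfYWNjZXNzIjp7fX0"
)
# Date header of the 400 response above.
RESPONSE_DATE = "Wed, 15 Oct 2014 14:16:44 GMT"


def decode_claims(segment):
    """Decode one base64url JWT segment into a dict.

    No signature check is done: this is client-side diagnostics only,
    never a basis for a trust decision.
    """
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def http_date_to_epoch(date_header):
    """Convert an HTTP Date header to seconds since the Unix epoch (UTC)."""
    return mktime_tz(parsedate_tz(date_header))


def refresh_token_status(segment, now, skew=30):
    """Report token type, lifetime and remaining validity at time `now`."""
    claims = decode_claims(segment)
    remaining = claims["exp"] - now
    return {
        "typ": claims.get("typ"),
        "lifetime": claims["exp"] - claims["iat"],  # seconds
        "remaining": remaining,                     # negative once expired
        # Assumption: within `skew` seconds of exp the client skips the
        # refresh call and restarts the authorization flow instead.
        "needs_login": remaining <= skew,
    }


if __name__ == "__main__":
    print(refresh_token_status(REFRESH_PAYLOAD, http_date_to_epoch(RESPONSE_DATE)))
```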
corinnekrych: hello Keycloak team
[4:24pm] corinnekrych: I have a question on oauth2 refresh token
[4:24pm] corinnekrych: i’ve been surprised to get this answer from Keycloak server: "Refresh token expired"
[4:25pm] corinnekrych: for ex Google refresh token never expires so…
[4:25pm] corinnekrych: besides, default configuration puts a very short life on this refresh token, but that’s good, it allows me to see it
[4:26pm] corinnekrych: so my question is: when you have an app that stores (securely) access and refresh token so that next app usage, you can transparently refresh the tokens
[4:27pm] corinnekrych: without asking for grant again
[4:27pm] corinnekrych: how would you deal with refreshing refresh token???
[4:29pm] corinnekrych: i thought refresh tokens were not supposed to expire … http://tools.ietf.org/html/rfc6749#section-10.4
I think this