Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-1678

Unable to introspect refresh / offline tokens

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • Archive - 21'
    • RH-SSO-7.2.4.GA
    • Server
    • None
    • Hide

      Request a new token.
      Attempt to introspect refresh token with .../protocol/openid-connect/token/introspect, token_type_hint = refresh_token
      Response is "active": false

      Show
      Request a new token. Attempt to introspect refresh token with .../protocol/openid-connect/token/introspect, token_type_hint = refresh_token Response is "active": false

      RefreshTokenIntrospectionProvider extends AccessTokenIntrospectionProvider (and provides no additional functionality)

      All refresh token introspections are handled the same way as access token introspections and end up being passed to the org.keycloak.TokenVerifier. The default behaviour for this class is to reject anything with type != "Bearer" meaning that refresh and offline tokens are rejected even while still valid.

            Unassigned Unassigned
            rhn-support-hokuda Hisanobu Okuda
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: