TokenResponse does not include refresh_expires_in field from OIDC keycloak response

Question

TokenResponse does not include refresh_expires_in field from OIDC keycloak response

Vidxyz opened this issue 2 years ago · 2 comments

Hello,

Im using flutter_appauth with a self hosted keycloak server, While trying to use AppAuth to retrieve the TokenResponse, I noticed the the response object does not include the value refresh_expires_in which keeps track of refresh token expiry time.

The keycloak server OIDC response includes a refresh_expires_in field. The schema of the keycloak server OIDC response is

{
   "access_token":"..",
   "expires_in":300,
   "refresh_expires_in":1800,
   "refresh_token":"...",
   "token_type":"Bearer",
   "id_token":"...",
   "not-before-policy":0,
   "session_state":"...",
   "scope":"openid email profile"
}

However, I see that the TokenResponse object has structure

TokenResponse(
    this.accessToken,
    this.refreshToken,
    this.accessTokenExpirationDateTime,
    this.idToken,
    this.tokenType,
    this.scopes,
    this.tokenAdditionalParameters,
  );

Can the additional field be added in? Or is there somewhere else that the refresh token expiry time is tracked?

Answer 1 · 2022-07-07T12:36:12.000Z

This isn't part of the official spec so no it won't be added. I don't use Keycloak so won't be able to confirm if you took a look at the structure you have pointed out, you should see properties like tokenAdditionalParameters and that is meant to be where other values go to. Did you take a look at that prior to opening the issue?

Answer 2 · 2022-07-27T03:13:19.000Z

Yes, I did take a look at tokenAdditionalParameters however wasn't able to find the fields I was hoping for. However, you are correct - it isn't part of the official spec so I have adjusted my implementation to account for the same - without using the refresh_expires_in field. Will close this issue now.