refresh token
Closed this issue · 3 comments
Is "refresh token" supported ?
thanks
Hi @frhack Good question!
I've checked the settings of the company-services Realm that the app creates. You can find it in Realm setting menu -> Tokens tab. There is a Refresh token toggle button.
In my app, it is disabled (by default). I haven't explored much about it, as I am using access tokens.
Hi @frhack Good question!
...
In my app, it is disabled (by default). I haven't explored much about it, as I am using access tokens.
Thanks for the answer.
The toggle you show is for "Revoke Refresh Token" (to enable revocation of the refresh token), not to enable "Refresh token"
So it seams that the refresh token is already enabled in Keycloack.
Refresh token is not an alternative to the Access token: it works in conjuction with the access token
An OAuth Refresh Token is a string that the OAuth client can use to get a new access token without the user's interaction.
It's very useful to improve security.
Thanks to the refresh token, we can use very short lived access tokens, and refresh it trasparently
Cool, thanks for the detailed explanation.
Yes, it seems that refresh token is already enabled in Keycloak.