KEYCLOAK - Refresh/update token not working

I have single page application that is built using Angularjs and integrated with Keycloak for authentication and authorization.

I am able to log in to my application, get the logged-in user's roles, etc. The moment the refresh token call goes, it always ends up in my else case, and the user is logged out of the application, even though the token validity time is set very high.

I need to update the token while the user has the app open. In case of failure or an expired token I need to log the user out. if (refreshed) always returns false.

Below is the piece of code I am using.

var __env = {};
Object.assign(__env, window.__env);

var keycloakConfig = {
    "url" : __env.keycloakUrl,
    "realm" : __env.keycloakRealm,
    "clientId" : __env.keycloakClientId,
    "credentials" : {
        "secret" : __env.keycloakSecret
    }
};

var keycloak = Keycloak(keycloakConfig);
keycloak.init({
    onLoad : 'login-required'
}).success(function(authenticated) {
    if (authenticated) {
        // `roles` was not defined in the posted snippet; assumed here to be the
        // realm roles keycloak-js parses out of the access token
        var roles = keycloak.realmAccess ? keycloak.realmAccess.roles : [];
        keycloak.loadUserInfo().success(function(userInfo) {
            bootstrapAngular(keycloak, userInfo, roles);
        });
    }
});

function bootstrapAngular(keycloak, userInfo, roles) {
    angular.module('myApp').run(
        function($rootScope, $http, $interval, $cookies) {
            // every 10 minutes (600000 ms), ask keycloak-js to update the token
            var updateTokenInterval = $interval(function() {
                // refresh token if it's valid for less than 15 minutes
                keycloak.updateToken(15).success(function(refreshed) {
                    if (refreshed) {
                        // store the fresh access token for the backend calls
                        $cookies.put('X-Authorization-Token', keycloak.token);
                    } else {
                        $rootScope.logoutApp();
                    }
                });
            }, 600000);

            // initial token after login
            $cookies.put('X-Authorization-Token', keycloak.token);

            $rootScope.logoutApp = function() {
                $cookies.remove('X-Authorization-Token');
                $interval.cancel(updateTokenInterval);
                keycloak.logout();
            };
        });
}
Ankur Singhal asked Feb 28 '17 03:02

1 Answer

I couldn't find it explained in the API docs, but the timeout argument of the keycloak.updateToken() function is expressed in seconds, not in minutes.

So if the Access Token Lifespan on server is at the default value of 5 minutes, you should use a value less than 300 seconds. I learned it doing some experiments.

// Update the token when it will last less than 3 minutes
keycloak.updateToken(180);

Btw, I suggest you use a Lifespan longer than 5 minutes for the token.

In your code you never see the token refreshed because the refresh is never triggered in the 15-second window in which it would work.

Atropo answered Sep 21 '22 17:09
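As an added illustration (not code from the question or from the answer), the snippet below models the timing the answer describes: the argument of updateToken() is a minimum remaining validity in seconds, so whether a poll tick ever triggers a refresh depends on the Access Token Lifespan, the poll interval and that argument. The expiry check is written to match keycloak-js's isTokenExpired() as I understand it (an assumption; the clock-skew correction keycloak-js also applies is left out), and the JWT it decodes is constructed inline, with a placeholder signature, purely to show where the exp claim comes from.

```javascript
// Added example, not from the question or the answer. It models the timing
// behind keycloak-js updateToken(minValidity): minValidity is in SECONDS, and a
// refresh is attempted only when the access token's remaining validity is below
// it. Assumptions: the token carries a standard JWT "exp" claim (seconds since
// epoch) and the comparison matches keycloak-js's isTokenExpired(); the
// clock-skew correction keycloak-js also applies is left out.

// Build a sample JWT for local use only (constructed: the third segment is a
// placeholder, not a signature, so no server would accept this token).
function makeSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj))
    .toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc(payload) + '.placeholder';
}

// Read the payload of a JWT. This does NOT verify the signature: the client only
// needs exp for scheduling, and the resource server verifies the token on each call.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

function secondsUntilExpiry(token, nowSeconds) {
  return decodeJwtPayload(token).exp - nowSeconds;
}

// updateToken(minValidity) refreshes when the token expires within minValidity
// seconds; otherwise it resolves with refreshed=false (the token is still fine,
// so that branch is not a failure).
function needsRefresh(expSeconds, nowSeconds, minValiditySeconds) {
  return expSeconds - nowSeconds - minValiditySeconds < 0;
}

// Walk the poll ticks of one token lifetime (all values in seconds) and return
// the first tick at which a refresh would run, or null when no tick lands in the
// window [exp - minValidity, exp]; after exp the access token is already gone.
function firstRefreshTick(lifespanSec, intervalSec, minValiditySec) {
  const exp = lifespanSec; // token issued at t = 0
  for (let t = intervalSec; t <= exp; t += intervalSec) {
    if (needsRefresh(exp, t, minValiditySec)) return t;
  }
  return null;
}

// Summarise a configuration the way the answer reasons about it.
function describe(lifespanSec, intervalSec, minValiditySec) {
  const tick = firstRefreshTick(lifespanSec, intervalSec, minValiditySec);
  return tick === null
    ? `no refresh: no poll tick falls in the last ${minValiditySec}s before expiry at ${lifespanSec}s`
    : `refresh at ${tick}s, ${lifespanSec - tick}s before expiry`;
}

// The asker's setup: 5-minute lifespan, 10-minute $interval, updateToken(15).
console.log(describe(300, 600, 15));
// A setup following the answer's advice: poll every minute, updateToken(180).
console.log(describe(300, 60, 180));

// Constructed claims: issued at t=1000, expiring at t=1300.
const sample = makeSampleJwt({ sub: 'user-1', iat: 1000, exp: 1300 });
console.log(secondsUntilExpiry(sample, 1000), 'seconds of validity left');
```

With the asker's numbers the first poll tick happens at 600 s, long after the 300 s token has expired, which is why the refresh window is never hit; polling more often than the lifespan and passing minValidity in seconds lands a tick inside the window.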