Refresh access_token via refresh_token in Keycloak

Question

I need to make the user keep login in the system if the user's access_token get expired and user want to keep login. How can I get newly updated access_token with the use of refresh_token on Keycloak?

I am using vertx-auth for the auth implementation with Keycloak on vert.x. Is it possible to refresh access_token with vertx-auth or Keycloak's REST API itself? Or what will be another implementation of this?

Answer 1

keycloak has REST API for creating an access_token using refresh_token. It is a POST endpoint with application/x-www-form-urlencoded

Here is how it looks:

Method: POST URL: https://keycloak.example.com/auth/realms/myrealm/protocol/openid-connect/token Body type: x-www-form-urlencoded Form fields:     client_id : <my-client-name> grant_type : refresh_token refresh_token: <my-refresh-token> 

This will give you new access token using refresh token.

NOTE: if your refresh token is expired it will throw 400 exception in that you can make user login again.

Check out a sample in Postman, you can develop and corresponding API using this.

Answer 2

@maslick is correct you have to supply the client secret too, no need for authorization header in this case:

http://localhost:8080/auth/realms/{realm}/protocol/openid-connect/token

In case of expired refresh token it returns:

If you don't add the secret you get 401 unauthorized even though the refresh token is correct