Add offline_access scope to make tokens more resilient to expiry

Sheherezadhe / awair-uploader

GNU General Public License v3.0

121 stars 57 forks source link

Add offline_access scope to make tokens more resilient to expiry #46

Open wwadge opened 2 years ago

wwadge commented 2 years ago

Ask for the offline_access scope to get non-expiring tokens back from Keycloak server

wwadge commented 2 years ago

Example of what refresh token would then look like (note typ: Offline):


  "iat": 1649022600,
  "jti": "29384cc...",
  "iss": "https://login.planetwatch.io/auth/realms/Planetwatch",
  "aud": "https://login.planetwatch.io/auth/realms/Planetwatch",
  "sub": "e2bc9d6...",
  "typ": "Offline",
  "azp": "external-login",
  "nonce": "eb655f31-4113-4...",
  "session_state": "e1bf52a6-...",
  "scope": "openid profile offline_access email",
  "sid": "e1bf52a6-..."
}```

rdsaunders commented 2 years ago

Tested locally with this change and looks good.