I'm using a service account for a server to get user info and create users with a single instance of KeycloakAdmin (the instance is created once when my server application starts).
For some unknown reason Keycloak will sometimes respond with {"error":"HTTP 401 Unauthorized"} while the access token has not yet expired. I've recently updated the python-keycloak dependency from 0.26.0 to 3.3.0 and started noticing these errors as a result of the auto_refresh_token behaviour being refactored (in 0.26.0 if the request failed the token was refresh and the request was re-attempted, but that has changed to refresh the token when close to expiry before making a request).
There are two problems I'm facing
Requests are failing with a valid token - this is most likely a Keycloak side issue, so if anyone has seen this before a nudge in the right direction would be immensly helpful
Subsequent requests fail - the current logic only refreshes a token when it expires, so the token which has already lead to a 401 will be reused until it expires which is problematic
Versions
python-keycloak: 3.3.0
Keycloak: 21.1, deployed via Keycloak Operator in Kubernetes
I'm using a service account for a server to get user info and create users with a single instance of
KeycloakAdmin
(the instance is created once when my server application starts).For some unknown reason Keycloak will sometimes respond with
{"error":"HTTP 401 Unauthorized"}
while the access token has not yet expired. I've recently updated the python-keycloak dependency from 0.26.0 to 3.3.0 and started noticing these errors as a result of theauto_refresh_token
behaviour being refactored (in 0.26.0 if the request failed the token was refresh and the request was re-attempted, but that has changed to refresh the token when close to expiry before making a request).There are two problems I'm facing
Versions python-keycloak: 3.3.0 Keycloak: 21.1, deployed via Keycloak Operator in Kubernetes