mauriciovigolo / keycloak-angular

Easy Keycloak setup for Angular applications.
MIT License

Refresh Token is unused #566

Closed Luckyluke1988 closed 1 month ago

Luckyluke1988 commented 1 month ago

Bug Report or Feature Request (mark with an x)

- [ ] bug report -> please search for issues before submitting
- [x] feature request

Versions.

Angular version: 16.1.2
Angular Keycloak version: 14.3.0

Repro steps.

When we use the function login() or the function updateToken(), the Refresh Token issued by Keycloak is ignored. This library is using the Access Token to update the Access Token and not using the Refresh Token.

The log given by the failure.

Desired functionality.

When the Access Token is expired, a function, for example updateTokenWithRefreshToken(), can be called to request a new Access Token from Keycloak with the Refresh Token.

ibagaric commented 1 month ago

When you call updateToken(), the payload is

grant_type: refresh_token
refresh_token: eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiw .....
client_id: someclient

So you send the refresh_token to update the access_token. But for me, the problem is that updateToken also updates the refresh_token, which results in the refresh token being extended again, so it never expires.
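To check the behaviour described in the comment above (each refresh returning a new refresh token with a later expiry), the following added example, which is not part of the thread or of keycloak-angular, builds the refresh_token grant body and compares the `exp` claim of the refresh tokens from two consecutive token responses. The helper names and sample tokens are constructed; it assumes the refresh token is a JWT carrying an `exp` claim.

```javascript
// Added example: helper names and sample tokens are constructed for illustration.

// base64url <-> JSON helpers (JWT segments are unpadded base64url).
const b64urlEncode = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const b64urlDecode = (seg) =>
  JSON.parse(Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));

// Read a JWT's claims WITHOUT verifying the signature: for inspection only,
// never for authorization decisions.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return b64urlDecode(parts[1]);
}

// Form body of the refresh_token grant, with the fields quoted in the comment above.
function buildRefreshBody(refreshToken, clientId) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: clientId,
  }).toString();
}

// Compare the refresh tokens of two consecutive token responses.
function compareRefreshTokens(before, after) {
  const oldExp = decodeJwtPayload(before.refresh_token).exp;
  const newExp = decodeJwtPayload(after.refresh_token).exp;
  return {
    rotated: before.refresh_token !== after.refresh_token,
    extendedBySeconds: newExp - oldExp,
    sliding: newExp > oldExp, // true: each refresh pushes the expiry further out
  };
}

// Constructed sample: two responses taken 300 s apart, each refresh token valid 1800 s.
const makeToken = (claims) =>
  `${b64urlEncode({ alg: 'HS512', typ: 'JWT' })}.${b64urlEncode(claims)}.constructed-signature`;
const before = { refresh_token: makeToken({ typ: 'Refresh', iat: 1700000000, exp: 1700001800 }) };
const after = { refresh_token: makeToken({ typ: 'Refresh', iat: 1700000300, exp: 1700002100 }) };

const report = compareRefreshTokens(before, after);
console.log(buildRefreshBody(before.refresh_token, 'someclient'));
console.log(report);
```

A `sliding: true` result on real responses means the refresh token's expiry moves forward with every refresh, so only a server-side session limit would end the session.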

Luckyluke1988 commented 1 month ago

Mhhhh, I don't know what I saw, but you are right, the behavior is as expected. The Access Token is updated with the Refresh Token. I am so sorry for the trouble!