mauriciovigolo / keycloak-angular

Easy Keycloak setup for Angular applications.
MIT License

Refresh Token is unused #566

Closed Luckyluke1988 closed 5 months ago

Luckyluke1988 commented 5 months ago

Bug Report or Feature Request (mark with an x)

- [ ] bug report -> please search for issues before submitting
- [x] feature request

Versions.

Angular version: 16.1.2
Angular Keycloak version: 14.3.0

Repro steps.

When we use the function login() or the function updateToken(), the Refresh Token issued by Keycloak is ignored. This library is using the Access Token to update the Access Token and not using the Refresh Token.

The log given by the failure.

Desired functionality.

When the Access Token is expired, a function, for example updateTokenWithRefreshToken(), can be called to request a new Access Token from Keycloak with the Refresh Token.

ibagaric commented 5 months ago

When you call updateToken(), the payload is:

grant_type: refresh_token
refresh_token: eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiw .....
client_id: someclient

So you send the refresh_token to update the access_token, but for me, the problem is that updateToken also updates the refresh_token, which results in the refresh token being extended again, so it never expires.

Luckyluke1988 commented 5 months ago

Mhhhh, I don't know what I saw, but you are right, the behavior is as expected. The Access Token is updated with the Refresh Token. I am so sorry for the trouble!
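
The refresh grant and the sliding refresh-token expiry described in ibagaric's comment, as an added example that is not part of the original thread or of the keycloak-angular code base. The tokens are constructed and unsigned; the `sid` claim name, the helper names and the absolute-cap check are assumptions made for illustration.

```javascript
// Added example. All tokens here are constructed, unsigned samples.

// Form body of the refresh grant, with the three fields shown in the comment.
function buildRefreshRequest(clientId, refreshToken) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: clientId,
  }).toString();
}

// Decode JWT claims for inspection only; the signature is NOT verified here.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Compare the refresh tokens of two consecutive token responses.
function compareRefreshTokens(before, after) {
  const a = decodeClaims(before.refresh_token);
  const b = decodeClaims(after.refresh_token);
  return {
    reissued: before.refresh_token !== after.refresh_token,
    expExtendedBySeconds: b.exp - a.exp,
    sameSession: a.sid === b.sid, // `sid` is an assumed claim name
  };
}

// Client-side absolute bound (hypothetical policy): however often the refresh
// token is renewed, its exp must stay within capSeconds of the first token's iat.
function withinAbsoluteCap(firstResponse, latestResponse, capSeconds) {
  const start = decodeClaims(firstResponse.refresh_token).iat;
  return decodeClaims(latestResponse.refresh_token).exp - start <= capSeconds;
}

// Constructed sample data: same session, refreshed 600 s after login.
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'HS512', typ: 'JWT' })}.${enc(claims)}.constructed`;
}
const first = { refresh_token: fakeJwt({ sid: 'sess-1', iat: 1000, exp: 2800 }) };
const second = { refresh_token: fakeJwt({ sid: 'sess-1', iat: 1600, exp: 3400 }) };

console.log(buildRefreshRequest('someclient', first.refresh_token));
console.log(compareRefreshTokens(first, second));
console.log(withinAbsoluteCap(first, second, 3600));
```
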