mauriciovigolo / keycloak-angular

Easy Keycloak setup for Angular applications.
MIT License

Possible to avoid reload when refresh token expired, but SSO session gives new token? #574

Open kimwykoff opened 3 months ago

kimwykoff commented 3 months ago

Bug Report or Feature Request (mark with an x)

- [ ] bug report -> please search for issues before submitting
- [ ] feature request

Versions.

- keycloak-angular: 14.2.0
- angular: 16.2.12
- keycloak: 23.0.4

Repro steps.

When the refresh_expires_in becomes 0, the token is invalid and my app reloads. Since my SSO session is set to a greater value than the client session, SSO seems to kick in and I get a valid token without having to log back in. But, wherever I was in the app is lost and I'm back to a clean state. If I set my SSO session properties to the same values as the client session properties, then when refresh token expires, my app logs out and the user sees the login page.

Is there a way to prevent the reload and just get the new token? Or should I just set my SSO session properties to the same values as the client session properties so I will get a clean logout?

I've seen other apps which warn you that you will be logged out and you can click to continue. How can I get a new token with the counter for session max reset to its original value?

I haven't found a guide which discusses this. Does one exist? Am I missing something?

The log given by the failure.

```
access_token: "token1"
expires_in: 58
id_token: "token2"
not-before-policy: 0
refresh_expires_in: 58
refresh_token: "token3"
scope: "openid email profile"
session_state: "cbc75629-58be-4baa-bacf-a7e5ab8a8dae"
token_type: "Bearer"
```

Desired functionality.

It seems like this would be a normal behavior you'd want to implement - who wants an app that can just log you out while you're working?
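
The timing decision this question turns on, as an added sketch that is not part of the issue and not keycloak-angular code: it uses the `expires_in` and `refresh_expires_in` fields from the log above to decide when to refresh before the refresh token dies and when to warn the user instead. The function names, the margins, and the rule that an unmoved refresh deadline means a maximum-lifetime cap is binding are assumptions.

```typescript
// Added example. Field names come from the token response in the issue;
// function names, margins and the "capped" rule are assumptions.
interface TokenResponse { expires_in: number; refresh_expires_in: number } // seconds
interface Grant { tokens: TokenResponse; receivedAt: number }              // epoch seconds
type Action = "ok" | "refresh" | "warn" | "expired";
interface Plan { action: Action; accessLeft: number; refreshLeft: number; capped: boolean }

// Absolute time at which the refresh token stops working.
function refreshDeadline(g: Grant): number {
  return g.receivedAt + g.tokens.refresh_expires_in;
}

// Assumption: a refresh that extends the session pushes the deadline forward.
// If the deadline did not move (within clock skew), a maximum-lifetime cap is
// binding and further refreshes cannot buy more time.
function isCapped(prev: Grant | null, cur: Grant, skew: number = 2): boolean {
  return prev !== null && refreshDeadline(cur) - refreshDeadline(prev) <= skew;
}

// Decide what the client should do at time `now` (epoch seconds).
function planSession(prev: Grant | null, cur: Grant, now: number,
                     refreshMargin: number = 30, warnMargin: number = 60): Plan {
  const accessLeft = Math.max(0, cur.receivedAt + cur.tokens.expires_in - now);
  const refreshLeft = Math.max(0, refreshDeadline(cur) - now);
  const capped = isCapped(prev, cur, 2);
  let action: Action = "ok";
  if (refreshLeft === 0) {
    action = "expired";   // refresh token is no longer usable
  } else if (capped && refreshLeft <= warnMargin) {
    action = "warn";      // refreshing cannot extend; prompt the user to save work
  } else if (Math.min(accessLeft, refreshLeft) <= refreshMargin) {
    action = "refresh";   // refresh while the refresh token is still valid
  }
  return { action, accessLeft, refreshLeft, capped };
}

// Constructed sample: the values from the log above, treated as received at t = 0.
const fromLog: Grant = { tokens: { expires_in: 58, refresh_expires_in: 58 }, receivedAt: 0 };
```

With the logged values, both tokens run out at the same moment, so a client that waits for the access token to expire before refreshing has already lost the refresh token; wiring the `refresh` and `warn` actions to actual calls and UI is left out here.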