Best strategy to renew token used in WebSocket connection

[aalbericio]

Hello,

I'm connecting to Apache Artemis (with stomp server configured) via WebSocket. Artemis is configured to validate connections against Keycloak (OpenID connect server) and the integration is working really well (I send this information/token in the connection's password field).

The problem is that the token used for this "connect" operation expires at some point and then, as soon as I create a new susbcription, or interact with the websocket client, the WebSocket client disconnects, which is also expected since the token is expired.

My question is: using an access token is quite common today and token expiration is also an old topic everywhere so:

• What is the recommended strategy to update this token of the ongoing websocket connection?
• I can not disconnect and then connect again since that operation is only accepted for network failures

Thanks,

A.

[aalbericio]

Hello,

I have finally decided to disconnect and reconnect (silently) the websocket seems it seems the best strategy for all sides.

I can't understand why STOMP does not provide an spec for updating the token.

Thanks