刷新 Keycloak 离线令牌 [英] Refreshing Keycloak offline token
问题描述
我目前正在尝试使用 Keycloak 获取离线令牌.我的问题是,我无法刷新曾经收到的令牌..
I am currently trying to get an offline token working with Keycloak. My problem here is, that I cannot refresh a token I once reveived..
当我最初调用令牌端点时,我会得到一个带有工作访问令牌的正确响应:
When I initially call the token endpoint, I get a proper response with a working access token:
{
"access_token": "<access-token>",
"expires_in": 900,
"refresh_expires_in": 0,
"refresh_token": "<refresh-token>",
"token_type": "bearer",
"not-before-policy": 1539890980,
"session_state": "a178faf2-xxxx-xxxx-xxxx-fb16548b6805",
"scope": "email profile offline_access"
}
然后,我尝试使用
curl -X POST
https://<my-url>/auth/realms/<realm>/protocol/openid-connect/token
-H 'Content-Type: application/x-www-form-urlencoded'
-H 'cache-control: no-cache'
-d 'client_id=<client-id>
-d 'refresh_token=<refresh-token>
-d 'grant_type=refresh_token'
我收到以下错误:
{
"error": "invalid_grant",
"error_description": "Offline session not active"
}
我查看了 Keycloaks Jira 问题,这似乎不是一个已知问题.谁能帮我让离线令牌运行?有什么特别的技巧吗?感谢您的帮助!
I looked at Keycloaks Jira issues and this doesn't seem to be a known issue. Can anyone help me getting the offline token running? Is there any special trick? Appreciate your help!
推荐答案
确保您的领域设置的值大于 0 用于离线会话.它们的生命周期与正常会话不同.
Make sure your realm settings have a value greater than 0 for offline sessions. They have a separate lifetime than normal sessions.
我认为默认设置为 30 天,但请仔细检查.
By default I think it's set to 30 days but just double check.
然后检查领域设置以查看是否也允许重复使用刷新令牌.如果您禁用了令牌的重复使用,请确保您没有多次使用刷新令牌.
Then check realm settings to see if re-use of refresh tokens is allowed as well. If you disabled re-use of tokens then make sure you don't use a refresh token more than once.
如果重复使用被关闭,那么我现在什么都没有想到.我只在令牌过期时看到您的错误.
If re-use is turned off then I've got nothing that comes to mind right now. I've only seen your error when the token expires.
这篇关于刷新 Keycloak 离线令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
