Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to get offline token

See original GitHub issue

Bug Report or Feature Request (mark with an `x`)

- [ ] bug report -> please search for issues before submitting
- [X] feature request

Versions.

"keycloak-angular": "^7.1.0",
"keycloak-js": "4.8.3",

Desired functionality.

How could we get offline tokens?

https://github.com/keycloak/keycloak-documentation/blob/master/server_admin/topics/sessions/offline.adoc

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:13

Top GitHub Comments

2reactions

stephane-dereppecommented, Mar 16, 2020

Sorry. I do use the login-required option in the initOptions of the keycloak.init.

I was expecting a way to pass the requested scope via this interface but found nothing.

        await keycloak.init({
          config: appConfigService.getConfig().keycloak,
          initOptions: {
            onLoad: 'login-required',
            checkLoginIframe: false
          },
          enableBearerInterceptor: true,
          bearerExcludedUrls: [
            '/assets'
          ]
        });

Do you mean I should remove the login-required value and trigger manually keycloak.login() after the initialization?

Other remark: Could anyone tell me if my approach (using offline token for a PWA application) is a good one? Does it make sense?

Thanks for your help!

1reaction

stephane-dereppecommented, Mar 19, 2020

If I replace my code whith the following :

        await keycloak.init({
          config: appConfigService.getConfig().keycloak,
          initOptions: {
            checkLoginIframe: false
          },
          enableBearerInterceptor: true,
          bearerExcludedUrls: [
            '/assets'
          ]
        }).then(auth => {
          if (!auth) {
                keycloak.login({
                  scope: 'openid offline_access',
                });
              }
        });

(remove onLoad: 'login-required' ) and pass the scope in the login method, I can get a offline token.

By the way, I’ve experienced the same problem as stated in the mail list : (when doing a logout all via the admin console) https://lists.jboss.org/pipermail/keycloak-user/2018-May/014128.html

Now, to be able to reuse the offline token, I guess I should store it in my local storage. (to avoid recreating a new token when I reload my page. Do you know if it’s a good practice to put an offline token in the local storage?

Top Results From Across the Web

Offline Sessions and Offline tokens within Keycloak - JANUA

This article is dedicated to describe the behaviour and usage of offline sessions and offline tokens within Keycloak. The behaviour of offline tokens...

Offline Access | keycloak-documentation

Users can view and revoke offline tokens that have been granted by them in the User Account Service. The admin user can revoke...

Offline token with Keycloak - Huong Dan Java

The first thing you need to know is how we get the offline token. · We can use this offline token to get...

Get Refresh Tokens - Auth0

To get a refresh token , you must include the offline_access scope when you initiate an authentication request through the /authorize endpoint. Be...

What does "offline" access in OAuth mean? - Stack Overflow

If a refresh token is present in the authorization code exchange, then it can be used to obtain new access tokens at any...