Java: Refresh access_token via refresh_token in Keycloak

Notice: this page is a parallel Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must do so under the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/51386337/

Time: 2020-08-11 00:06:43  Source: igfitidea

Refresh access_token via refresh_token in Keycloak

java oauth-2.0 keycloak vert.x

Asked by RaiBnod

I need to keep the user logged in to the system if the user's access_token expires and the user wants to stay logged in. How can I get a newly updated access_token using the refresh_token on Keycloak?

I am using vertx-auth for the auth implementation with Keycloak on vert.x. Is it possible to refresh the access_token with vertx-auth or Keycloak's REST API itself? Or what would be another implementation of this?

Accepted answer by Yogendra Mishra

Keycloak has a REST API for creating an access_token using a refresh_token. It is a POST endpoint with application/x-www-form-urlencoded.

Here is how it looks:

Method: POST
URL: https://keycloak.example.com/auth/realms/myrealm/protocol/openid-connect/token
Body type: x-www-form-urlencoded
Form fields:    
client_id : <my-client-name>
grant_type : refresh_token
refresh_token: <my-refresh-token>

This will give you a new access token using the refresh token.

NOTE: if your refresh token is expired, it will throw a 400 exception, in which case you can make the user log in again.

Check out a sample in Postman; you can develop a corresponding API using this.

Sample in Postman

Answer by Sampath Nawgala

I tried with 4.8.2.Final; it gives the following unauthorized_client even with the previous access token as 'Bearer'. Then I tried with Basic YXBwLXByb3h5OnNlY3JldA== in the Authorization header. Then it worked, but still I'm not sure that I am doing the right thing.

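
The refresh request from the accepted answer, combined with the Basic client authentication from the second answer, as an added Java example (not code from either answer). It uses the JDK 11+ java.net.http client rather than vertx-auth; the class name, the KC_CLIENT_SECRET environment variable and the sample token are assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class KeycloakRefresh {
    // Builds the refresh_token grant request described in the accepted answer.
    // clientSecret == null: public client, client_id goes in the form body.
    // Otherwise the client authenticates with an HTTP Basic Authorization header.
    static HttpRequest buildRefreshRequest(String tokenUrl, String clientId,
                                           String clientSecret, String refreshToken) {
        String form = "grant_type=refresh_token&refresh_token=" + enc(refreshToken);
        HttpRequest.Builder b = HttpRequest.newBuilder(URI.create(tokenUrl))
                .header("Content-Type", "application/x-www-form-urlencoded");
        if (clientSecret == null) {
            form += "&client_id=" + enc(clientId);
        } else {
            String basic = Base64.getEncoder().encodeToString(
                    (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
            b.header("Authorization", "Basic " + basic);
        }
        return b.POST(HttpRequest.BodyPublishers.ofString(form)).build();
    }

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Sends the request and returns the JSON token response body on HTTP 200.
    // Per the accepted answer, an expired refresh token yields 400: re-login is required.
    static String refresh(HttpClient http, HttpRequest req) throws Exception {
        HttpResponse<String> resp = http.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() == 200) return resp.body();
        if (resp.statusCode() == 400) throw new IllegalStateException("refresh rejected, re-login required");
        throw new IllegalStateException("token endpoint returned HTTP " + resp.statusCode());
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values; KC_CLIENT_SECRET is a hypothetical variable name.
        HttpRequest req = buildRefreshRequest(
                "https://keycloak.example.com/auth/realms/myrealm/protocol/openid-connect/token",
                "my-client-name", System.getenv("KC_CLIENT_SECRET"), "constructed-refresh-token");
        System.out.println(req.method() + " " + req.uri() + " " + req.headers().map().keySet());
        // String json = refresh(HttpClient.newHttpClient(), req); // needs a reachable Keycloak
    }
}
```

The Basic value is the Base64 encoding of `client_id:client_secret`, so it belongs only on the server side and never in browser or mobile code; the error paths deliberately do not print the response body or the tokens.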