KEYCLOAK - Refresh/update token not working


Solution 1

I couldn't find it explained in the API docs, but the timeout argument of the keycloak.updateToken() function is expressed in seconds, not in minutes.

So if the Access Token Lifespan on the server is at the default value of 5 minutes, you should use a value less than 300 seconds. I learned this by doing some experiments.

// Update the token when it will last less than 3 minutes
keycloak.updateToken(180)

Btw, I suggest you use a lifespan longer than 5 minutes for the token.

In your code you never see the token refreshed because the refresh is never triggered in the 15-second window in which it will work.

Solution 2

(refreshed) returns false only if your token is not expired. So you're trying to refresh the token when it has not yet expired.

Set "Access Token Lifespan" to 1 minute in the Keycloak realm you're using, then try the following code to check the status of refreshed again:

keycloak.onTokenExpired = () => {
    console.log('expired ' + new Date());
    keycloak.updateToken(50).success((refreshed) => {
        if (refreshed) {
            console.log('refreshed ' + new Date());
        } else {
            console.log('not refreshed ' + new Date());
        }
    }).error(() => {
        console.error('Failed to refresh token ' + new Date());
    });
};

Solution 3

I took a look at their sample code:

    /**
     * If the token expires within `minValidity` seconds, the token is refreshed.
     * If the session status iframe is enabled, the session status is also
     * checked.
     * @returns A promise to set functions that can be invoked if the token is
     *          still valid, or if the token is no longer valid.
     * @example
     * ```js
     * keycloak.updateToken(5).success(function(refreshed) {
     *   if (refreshed) {
     *     alert('Token was successfully refreshed');
     *   } else {
     *     alert('Token is still valid');
     *   }
     * }).error(function() {
     *   alert('Failed to refresh the token, or the session has expired');
     * });
     * ```
     */

So I think your token is still valid; that's why updateToken returns false.
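
The rule these three answers describe, as an added example that is not part of the original answers and is not keycloak-js code: it models "refresh if the token expires within `minValidity` seconds" and replays the question's timer against it. The helper names, the 3600-second stand-in for the "very high" lifespan and the 60-second poll interval are assumptions.

```javascript
// Added example: models the documented rule, not keycloak-js source.
// refreshDecision, simulatePolling and actionFor are hypothetical names.

// "If the token expires within minValidity seconds, the token is refreshed."
// minValidity defaults to 5; -1 forces a refresh (both per the comments on this page).
// Clock skew between browser and server is ignored here.
function refreshDecision(expSec, nowSec, minValidity = 5) {
  const remaining = expSec - nowSec;
  const refresh = minValidity === -1 || remaining < minValidity;
  return { refresh, remaining };
}

// Call the rule every pollSec seconds against tokens that live lifespanSec.
// Assumption: every attempted refresh succeeds and yields a fresh token.
function simulatePolling({ lifespanSec, pollSec, minValidity, ticks }) {
  let exp = lifespanSec; // first token issued at t = 0
  const log = [];
  for (let i = 1; i <= ticks; i++) {
    const now = i * pollSec;
    const { refresh, remaining } = refreshDecision(exp, now, minValidity);
    if (refresh) exp = now + lifespanSec;
    log.push({ now, remaining, refreshed: refresh });
  }
  return log;
}

// Three outcomes, three actions: only a failed refresh should end the session.
function actionFor({ failed, refreshed }) {
  if (failed) return 'logout';
  return refreshed ? 'store-new-token' : 'keep-current-token';
}

// Constructed scenarios (all times in seconds).
const scenarios = {
  // The question's timer: updateToken(15) every 600 s; 3600 s stands in for "very high".
  question: { lifespanSec: 3600, pollSec: 600, minValidity: 15, ticks: 3 },
  // Same timer with the default 300 s lifespan: token is long expired at each tick.
  defaultLifespan: { lifespanSec: 300, pollSec: 600, minValidity: 15, ticks: 2 },
  // updateToken(180) from Solution 1, polled every 60 s (assumed interval).
  solution1: { lifespanSec: 300, pollSec: 60, minValidity: 180, ticks: 5 },
};

for (const [name, cfg] of Object.entries(scenarios)) {
  console.log(name);
  console.table(simulatePolling(cfg));
}
```

In the `question` scenario every tick reports `refreshed: false` with thousands of seconds remaining, which the question's `else` branch treats as a reason to log out; `actionFor` keeps the session in that case.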

Author by

Ankur Singhal


Updated on May 22, 2020

Comments

  • Ankur Singhal
    Ankur Singhal almost 4 years

    I have single page application that is built using Angularjs and integrated with Keycloak for authentication and authorization.

    I am able to log in to my application, get the logged-in user's roles, etc. The moment the refresh token call goes, it always ends up in my else case, and the user is logged out of the application, though the token valid time is set very high.

    I need to update the token if the user has opened the app. In case of failure or an expired token I need to log out the user. if (refreshed) always returns false.

    Below is the piece of code I am using.

    var __env = {};

    Object.assign(__env, window.__env);

    var keycloakConfig = {
        "url" : __env.keycloakUrl,
        "realm" : __env.keycloakRealm,
        "clientId" : __env.keycloakClientId,
        "credentials" : {
            "secret" : __env.keycloakSecret
        }
    };
    var keycloak = Keycloak(keycloakConfig);
    keycloak.init({
        onLoad : 'login-required'
    }).success(function(authenticated) {
        if (authenticated) {
            keycloak.loadUserInfo().success(function(userInfo) {
                bootstrapAngular(keycloak, userInfo, roles);
            });
        }
    });

    function bootstrapAngular(keycloak, userInfo, roles) {
        angular.module('myApp').run(
            function($rootScope, $http, $interval, $cookies) {
                var updateTokenInterval = $interval(function() {
                    // refresh token if it's valid for less than 15 minutes
                    keycloak.updateToken(15).success(
                        function(refreshed) {
                            if (refreshed) {
                                $cookies.put('X-Authorization-Token',
                                        keycloak.token);
                            } else {
                                $rootScope.logoutApp();
                            }
                        });
                }, 600000);
                updateTokenInterval;
                $cookies.put('X-Authorization-Token', keycloak.token);

                $rootScope.logoutApp = function() {
                    $cookies.remove('X-Authorization-Token');
                    $interval.cancel(updateTokenInterval);
                    keycloak.logout();
                };
            });
    }
    
  • Ankur Singhal
    Ankur Singhal about 7 years
    I am using the same thing; it does not solve my purpose. Actually, it is not refreshing the token at all.
  • Dan Manastireanu
    Dan Manastireanu over 3 years
    If you ever need to force refresh the token (for example to update the permissions in it) you can use updateToken(-1). Do not abuse this...
  • Tazo leladze
    Tazo leladze over 3 years
    "So you're trying to refresh the token when it has not yet expired" Yeah, that's it! Thank you
  • Tazo leladze
    Tazo leladze over 3 years
    Can you explain what the updateToken min validity param (50 in this case) means? In my case I have a WebSocket connection, and when the token is expired the connection is closed and I retry, retry, retry... So can I say the token was ever refreshed correctly and the connection was opened?
  • Charith Jayasanka
    Charith Jayasanka over 3 years
    If the token expires within minValidity seconds (minValidity is optional, if not specified 5 is used) the token is refreshed. If the session status iframe is enabled, the session status is also checked. This is what the documentation says