In case of an error condition, e.g. if the refresh token is no longer valid, the response will follow the same structure as for other token endpoint errors. The client should discard the refresh token and obtain a new access token using the server-side flow.

Access token and refresh token

Keycloak provides a possibility to configure different lifespan of access token and refresh token. This is all done on the Tokens tab in the Keyclock. Expiration time can be configured for:

Access token in Access Token Lifespan field
Refresh token in SSO Session Idle field

See Session and Token Timeouts for more detailed information.

Using an access token to access the Archie API

...

Page tree

Versions Compared

Old Version 43

New Version 44

Key

Access token and refresh token

Using an access token to access the Archie API

Page tree

Page History

Versions Compared

Old Version 43

New Version 44

Key

Access token and refresh token

Using an access token to access the Archie API