I’m trying to migrate authentication to Keycloak on my Python-based service. I’m using the python-keycloak library. I’ve figured out how to get an auth token, check it and log out:
```python
from keycloak import KeycloakOpenID

keycloak_openid = KeycloakOpenID(
    server_url="my-url",
    client_id="my-client",
    realm_name="my-realm",
    client_secret_key="my-secret",
)

username = "my-username"
password = "my-password"

# get token
token = keycloak_openid.token(username, password)

# check if authorised
auth_status = keycloak_openid.has_uma_access(token, "")
if (not auth_status.is_authorized) or (not auth_status.is_logged_in):
    print("Unauthorised")

# Logout
keycloak_openid.logout(token["refresh_token"])
```
But I didn’t manage to get token refresh working properly. If I refresh the token, I successfully get a new one, but the previous token is still valid:
```python
# get token
token = keycloak_openid.token(username, password)

# Refresh token
new_token = keycloak_openid.refresh_token(token["refresh_token"])

# they both have is_authorized and is_logged_in set to true
auth_status_old = keycloak_openid.has_uma_access(token, "")
auth_status_new = keycloak_openid.has_uma_access(new_token, "")
```
How should I do the refresh properly? Or am I checking for auth wrongly?
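Added example, not part of the original post and not python-keycloak code: a refresh issues a new access token but leaves the `exp` claim of the already-issued one untouched, so both stay unexpired until the older one runs out. The sketch below measures that overlap on constructed tokens; the helper names, sample claims and 300-second lifetime are assumptions, and signatures are not verified, so it is for inspection only.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(claims: dict) -> str:
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def jwt_claims(token: str) -> dict:
    """Decode the payload segment without verifying the signature."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_left(access_token: str, now: int) -> int:
    """Remaining lifetime according to the exp claim; 0 once expired."""
    return max(0, jwt_claims(access_token)["exp"] - now)


def overlap_window(old_response: dict, new_response: dict, now: int) -> int:
    """Seconds during which both access tokens are still unexpired."""
    return min(seconds_left(old_response["access_token"], now),
               seconds_left(new_response["access_token"], now))


# Constructed responses shaped like the dicts token() and refresh_token() return.
T0 = 1_700_000_000
old = {"access_token": make_sample_jwt(
    {"iat": T0, "exp": T0 + 300, "sid": "sample-session"})}
new = {"access_token": make_sample_jwt(
    {"iat": T0 + 60, "exp": T0 + 360, "sid": "sample-session"})}

if __name__ == "__main__":
    now = T0 + 60  # the moment of the refresh
    print("old token seconds left:", seconds_left(old["access_token"], now))
    print("new token seconds left:", seconds_left(new["access_token"], now))
    print("both unexpired for:", overlap_window(old, new, now), "s")
```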