I cannot refresh a token with a public client

I am trying to refresh an access token:

const url = "http://localhost/auth/realms/myrealm/protocol/openid-connect/token"
const params = new URLSearchParams();
params.append('grant_type', 'refresh_token');
params.append('client_id', "web");
params.append('refresh_token', "eyJhbGci...");

const config = {
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
require('axios').post(url, params, config).then(resp => {
}).catch(e => {

This output the following error:

{ error: 'invalid_grant', error_description: 'Token is not active' }

This is my client configuration:

enter image description here

For what is worth the same happens with curl

That looks correct. Did you happen to restart keycloak in between getting the refresh token and trying to refresh?

1 Like

I think I have underestimated the duration of the refresh token, it was basically expired, thanks.