Keycloak Gatekeeper - Decrypt refresh token

I have keycloak-gatekeeper acting as a proxy in front of a node js web app. I only allow data requests to be made from the web server if the user has a valid access token. Gatekeeper only appears to refresh the access token on page refresh. This means that after the access token has expired, the user can not execute data queries from the web client until they’ve refreshed the page.

One solution I have is to be able to refresh the token myself in the web server. This means decrypting the refresh token that gatekeeper sets as a cookie.

Is there a better way to do this? If not, can any one shed any advice on how best to decrypt the refresh token in node.js?

Thanks in advanced.

Try to implement “keep fresh token” periodic query in the background (Ajax query), which will hit some dummy backend endpoint only to get new fresh cookie from Gatekeeper.

If it is SPA app, then gatekeeper is not the best option. Frontend (not gatekeeper in the backend) should maintain auth session (OpenID Connect Code Flow with PKCE, Implicit Flow - example implementation