Keycloak Gatekeeper - Decrypt refresh token

rooch84 · March 23, 2020, 4:44pm

I have keycloak-gatekeeper acting as a proxy in front of a node js web app. I only allow data requests to be made from the web server if the user has a valid access token. Gatekeeper only appears to refresh the access token on page refresh. This means that after the access token has expired, the user can not execute data queries from the web client until they’ve refreshed the page.

One solution I have is to be able to refresh the token myself in the web server. This means decrypting the refresh token that gatekeeper sets as a cookie.

Is there a better way to do this? If not, can any one shed any advice on how best to decrypt the refresh token in node.js?

Thanks in advanced.

jangaraj · March 23, 2020, 5:55pm

Try to implement “keep fresh token” periodic query in the background (Ajax query), which will hit some dummy backend endpoint only to get new fresh cookie from Gatekeeper.

If it is SPA app, then gatekeeper is not the best option. Frontend (not gatekeeper in the backend) should maintain auth session (OpenID Connect Code Flow with PKCE, Implicit Flow - example implementation https://github.com/damienbod/angular-auth-oidc-client).

Topic		Replies	Views
Silent token refresh through gatekeeper Securing applications gatekeeper	2	1731	February 28, 2020
Use Keycloak Gatekeeper in front of backend API by setting enable-refresh-tokens=true Securing applications gatekeeper	0	3112	October 21, 2019
Revoke Refresh Token Strategy blocks Access Token renewal Securing applications adapter-java , adapter-javascript	2	3269	March 26, 2024
Proxy keycloak-js refresh token requests Getting advice authentication	0	512	May 3, 2022
Keycloak Gatekeeper - Logout Securing applications	2	1612	March 23, 2020

Keycloak Gatekeeper - Decrypt refresh token

Related Topics