Keycloak refresh token expired early

Getting advice
1

I am using Keycloak as my identity provider for my React project. On user login, I am getting an access token and a refresh token. When my access token is expired, I will use the refresh token to get a new access token. When the refresh token expiry time is up, I will redirect the user to the login page. Refresh token expiry is 30 minutes.

My issue comes when action refresh token is in its last 3 minutes. The refresh token is not expired and keycloak is returning the status 400. But the token is not expired yet too.

Below is the warning i found in the keycloak server logs.

WARN [org.keycloak.events] (executor-thread-243) type="REFRESH_TOKEN_ERROR", realmId="43ce5723-240d-4ea5-a6c3-4cec38dd3718", clientId="telemedicine-frontend", userId="null", ipAddress="172.16.0.23", error="invalid_token", grant_type="refresh_token", client_auth_method="client-secret"

Anyone have any idea about what is happening here?

2

Don‘t inspect the refresh_token itself, just try to use it to get a new, fresh access_token. If this fails, redirect the user to do a new authentication. Don‘t look on yourself into the token, it‘s not meant to be inspected.
If you‘d want to inspect it, you‘d have to trust the token. You can‘t trust the refresh_token, as you don‘t have the shared secret to verify the signature. The only entity to verify the token signature, is the issuing server itself.

1 Like
3

OK. Thank you, Niko, For your advice.