Refresh_token request returns "Session not active"

I tried to send this request:
POST …/realms/my-realm/protocol/openid-connect/token
Headers:
Content-Type: application/x-www-form-urlencoded
and 10 default headers from Postman
Body:
client_id: my-client-id
grant_type: refresh_token
refresh_token: eyJhbGc…

When I used KeycloakX version 14.0, I got the correct result, which included a new access token.
When I used KeycloakX version 16.1, I got this failure: { "error": "invalid_grant", "error_description": "Session not active" }

After I performed the request, I saw my user session in the active session list in the Keycloak administration console.

How can I fix that?
I would be grateful, thanks in advance.

2 Likes

We have also seen similar issues in our setup. The solution is not known yet. Any help from the community will be appreciated.

+1 for me with Keycloak 16.1 too.

1 Like

When the SSO session expires you cannot refresh your token unless you specify in the scope parameter the value offline_access.
Here is the specification: Final: OpenID Connect Core 1.0 incorporating errata set 1

In case you can't or don't want to include this scope, you are forced to reauthenticate the user. This process can be automated or manually triggered by the end user.

To improve user interaction, you can trigger a confirm popup to notify the end user that their session will be closed after X minutes and that a new login process needs to be executed.
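A client-side sketch of the handling described in the answer above, added here as an example that is not part of the thread or of Keycloak's code: it decides when to warn the user before the refresh token lapses and falls back to re-authentication on `invalid_grant`. The function names are hypothetical; it assumes the refresh token is a JWT carrying `exp` and a `typ` claim of `Refresh` or `Offline`, and the sample tokens are constructed and unsigned.

```python
import base64, json, time
from urllib.parse import urlencode

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it (diagnosis only, never for trust)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def refresh_state(refresh_token, now=None, warn_before=300):
    """Return 'offline', 'expired', 'warn' or 'ok' for a refresh token."""
    now = time.time() if now is None else now
    claims = jwt_claims(refresh_token)
    if claims.get("typ") == "Offline":            # assumption: offline_access token
        return "offline"                          # not tied to the SSO session
    remaining = claims.get("exp", 0) - now
    if remaining <= 0:
        return "expired"
    return "warn" if remaining <= warn_before else "ok"

def refresh_body(client_id, refresh_token):
    """Form body for the token endpoint, matching the request in the question."""
    return urlencode({"client_id": client_id,
                      "grant_type": "refresh_token",
                      "refresh_token": refresh_token})

def next_action(status, body):
    """Map a token endpoint response to what the client does next."""
    if status == 200 and "access_token" in body:
        return "store_tokens"
    if status == 400 and body.get("error") == "invalid_grant":
        return "reauthenticate"                   # discard tokens, start a new login
    return "fail"

def make_token(claims):
    """Build a constructed, unsigned sample token for the demo."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    now = 1_700_000_000                           # constructed clock value
    token = make_token({"typ": "Refresh", "exp": now + 120})
    print(refresh_state(token, now=now))          # close to expiry: show the popup
    print(refresh_body("my-client-id", token))
    print(next_action(400, {"error": "invalid_grant",
                            "error_description": "Session not active"}))
```

The `exp` check only drives the warning popup; the server can end the session earlier, so the `invalid_grant` branch is still required.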