Revoke refresh token settings not working

Under Realm Settings > Tokens > Revoke Refresh Token

We changed it to ON, and added Refresh Token Max Reuse as 1.

The grant_type: authorization_code request is sent to get the first access token and refresh token on login to the application. Then, after some time interval, the grant_type: refresh_token request is sent, which returns a new access token and a new refresh token.

Then the new request is sent using the new access token, but the application gives a session timeout, and Keycloak gives the error below:

17:21:30,641 WARN [org.keycloak.events] (default task-37) type=REFRESH_TOKEN_ERROR, error=invalid_token, grant_type=refresh_token, refresh_token_type=Refresh, refresh_token_id=d97220d7-393b-4766-9284-d61466ac6ae5, client_auth_method=client-secret

2 Likes
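An added example, not part of the original post and not Keycloak code: a small parser for event lines in the layout quoted above that groups REFRESH_TOKEN_ERROR events by refresh_token_id, showing whether one token id is being rejected repeatedly. Only the first sample line comes from the post; the other lines, the function names and the threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first line is quoted from the post; the rest are
# made-up lines in the same layout, for illustration only.
_EV = ("WARN [org.keycloak.events] ({thread}) type=REFRESH_TOKEN_ERROR, "
       "error=invalid_token, grant_type=refresh_token, refresh_token_type=Refresh, "
       "refresh_token_id={tid}, client_auth_method=client-secret")
POST_TOKEN_ID = "d97220d7-393b-4766-9284-d61466ac6ae5"
SAMPLE_LOG = "\n".join([
    "17:21:30,641 " + _EV.format(thread="default task-37", tid=POST_TOKEN_ID),
    "17:21:31,002 " + _EV.format(thread="default task-12", tid=POST_TOKEN_ID),
    "17:25:10,114 " + _EV.format(
        thread="default task-40", tid="00000000-0000-0000-0000-000000000001"),
    "17:26:00,500 INFO [org.example.other] (default task-3) unrelated line",
])

# timestamp, level, the org.keycloak.events logger, thread, then key=value pairs
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[org\.keycloak\.events\]\s+\((?P<thread>[^)]*)\)\s+(?P<fields>.*)$"
)

def parse_event(line):
    """Return the event as a dict, or None if it is not a Keycloak event line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"time": m["time"], "level": m["level"], "thread": m["thread"]}
    # Assumption: pairs are separated by ", " and values contain no ", ".
    for pair in m["fields"].split(", "):
        key, sep, value = pair.partition("=")
        if sep:
            event[key.strip()] = value.strip()
    return event

def refresh_failures(log_text):
    """Map refresh_token_id -> timestamps of REFRESH_TOKEN_ERROR events."""
    by_token = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("type") == "REFRESH_TOKEN_ERROR":
            by_token[ev.get("refresh_token_id", "<missing>")].append(ev["time"])
    return dict(by_token)

def repeated_tokens(log_text, threshold=2):
    """Token ids rejected at least `threshold` times (threshold is an assumption)."""
    return {t: ts for t, ts in refresh_failures(log_text).items() if len(ts) >= threshold}

if __name__ == "__main__":
    for token_id, times in repeated_tokens(SAMPLE_LOG).items():
        print(token_id, len(times), times)
```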