I'm trying to set up my web app to silently refresh the tokens when they expire.
The webapp runs behind Gatekeeper version 7.0.1. Keycloak is also at v7.0.1.
The initial login through gk/kc works fine. My webapp gets the kc-access and kc-state cookies set and the gatekeeper /oauth/token endpoint gives me a good jwt.
Now, when the token expires, I can't get it to refresh.
I do check the /oauth/expired endpoint on Gatekeeper periodically (in my development environment it's every 30 seconds) for a 401 return code.
After I get a 401, I access a file in my webapp through an AJAX call. This is to force Gatekeeper to attempt to refresh the token.
Accessing that file works fine and Gatekeeper logs “injecting the refreshed access token cookie”, but I was also expecting a Set-Cookie header which would give me the updated cookie.
Isn't that how the enable-refresh-tokens config in Gatekeeper is supposed to work, or did I get something wrong?
If I am wrong, what is the right way to do a silent token refresh?
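
The polling flow described in the post, as an added example that is not part of the original post and not Gatekeeper's own code. It checks whether the refresh actually took effect by comparing the `/oauth/token` response before and after. Assumptions: `PROTECTED_URL` is a hypothetical resource behind Gatekeeper, the `/oauth/token` body is treated as opaque text, and `makeFakeGatekeeper` is a constructed stand-in so the flow runs offline.

```javascript
// Endpoints named in the post; PROTECTED_URL is a hypothetical proxied resource.
const GK_EXPIRED = "/oauth/expired";
const GK_TOKEN = "/oauth/token";
const PROTECTED_URL = "/keepalive.json";

// One polling step. fetchFn is injectable (pass window.fetch in a browser).
// lastToken is the /oauth/token body seen after the previous step.
async function refreshIfExpired(fetchFn, lastToken) {
  const opts = { credentials: "same-origin", cache: "no-store" };

  const expired = await fetchFn(GK_EXPIRED, opts);
  if (expired.status !== 401) return { state: "valid", token: lastToken };

  // As the post describes: a proxied request prompts the refresh attempt.
  const probe = await fetchFn(PROTECTED_URL, opts);
  if (!probe.ok) return { state: "reauth-required", token: null };

  // Set-Cookie is a forbidden response header and is never exposed to
  // fetch/XHR callers, so the outcome is observed through /oauth/token.
  const res = await fetchFn(GK_TOKEN, opts);
  if (!res.ok) return { state: "reauth-required", token: null };
  const token = await res.text();
  return { state: token === lastToken ? "not-refreshed" : "refreshed", token };
}

// Constructed stand-in for the proxy: starts with an expired "token-v1" and,
// if refreshWorks is true, swaps in "token-v2" on the first proxied request.
function makeFakeGatekeeper({ refreshWorks }) {
  let token = "token-v1";
  let expired = true;
  const reply = (status, body = "") => ({
    status,
    ok: status >= 200 && status < 300,
    text: async () => body,
  });
  return async (url) => {
    if (url === GK_EXPIRED) return reply(expired ? 401 : 200);
    if (url === GK_TOKEN) return reply(200, token);
    if (url === PROTECTED_URL) {
      if (refreshWorks) { token = "token-v2"; expired = false; }
      return reply(200, "{}");
    }
    return reply(404);
  };
}
```

A `not-refreshed` result means the proxied request succeeded but the browser is still presenting the old token, which is the symptom the post describes.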