I’m making an application that must always keep the token updated to make api calls I saw that it needs a secret to update the hybrid flow but it’s not safe for a fe side only app.
So first I thought about making a nodejs broker api to manage the get token and refresh token, but I’m having problems regarding getting the body params code, I saw that it is passed to the login and silent redirection, but I noticed that the It actually works by updating the token when it first enters
keycloak.init(..{
initOptions: {
enableLogging: true,
flow: 'implicit',
onLoad: "check-sso",
checkLoginIframe: false,
silentCheckSsoRedirectUri:
window.location.origin + '/assets/silent-check-sso.html'
},
..)
so I tried to redo the init exactly what I do when I first enter here
this.key.keycloakEvents$.subscribe((value => {
console.log(value);
if (value.type == KeycloakEventType.OnTokenExpired) {
console.log('expired')
this.key.init({....})
}
});
and damn, update the token without logging out, it doesn’t seem like the optimal solution to me but it works, I was thinking of logging in again every time a call failed (token expired) and not within the expiration event.
what do you think? Thank you