With 'Revoke Refresh Token' turn on - how to cater for token request timeout / network hiccup?


i have turn on the ‘Revoke Refresh Token’ options.

recently, i meet a problem, due to network issue, that client side timeout (short-circuit, 30seconds) when requesting a new access token with refresh token [refresh_token_A](refresh token grant), but in fact, keycloak does consume the refresh token [and issue a new refresh_token_B] but the new refresh token cannot be delivered to client due to network hiccup.

the client try to implement retry mechanism (with refresh_token_A] but this won’t work as the old refresh token is already invalidated…

this force the user to re-login which is very poor in user experience…and complaints received.

anybody have a similar issue on the ‘revoke refresh token’ handling? can you share your thoughts?

thank you.