Search code examples
angularjsauthenticationtokenkeycloak

KEYCLOAK - Refresh/update token not working

I have single page application that is built using Angularjs and integrated with Keycloak for authentication and authorization.

I am able to login into my application, get loggedin user roles etc. goes The moment refresh token call, it always returns in my else case, and user logout of the application. Though the token valid time is set very high.

I need to update the token, if user has opened the app. In case of failure or expire token i need to logout the user. if (refreshed) always returns false.

Below is the piece of code i am using.

var __env = {};

        Object.assign(__env, window.__env);

        var keycloakConfig = {
            "url" : __env.keycloakUrl,
            "realm" : __env.keycloakRealm,
            "clientId" : __env.keycloakClientId,
            "credentials" : {
            "secret" : __env.keycloakSecret
            }
        };
var keycloak = Keycloak(keycloakConfig);
        keycloak.init({
            onLoad : 'login-required'
        }).success(function(authenticated) {
                 if(authenticated){                  
                        keycloak.loadUserInfo().success(function(userInfo) {
                        bootstrapAngular(keycloak, userInfo, roles);
                    });
            }
        });

function bootstrapAngular(keycloak, userInfo, roles) {
        angular.module('myApp').run(
                function($rootScope, $http, $interval, $cookies) {
                    var updateTokenInterval = $interval(function() {
                        // refresh token if it's valid for less then 15 minutes
                    keycloak.updateToken(15).success(
                                function(refreshed) {
                                    if (refreshed) {
                                        $cookies.put('X-Authorization-Token',
                                                keycloak.token);
                                    }else{
                                        $rootScope.logoutApp();
                                    }
                                });
                    }, 600000);
                    updateTokenInterval;
                    $cookies.put('X-Authorization-Token', keycloak.token);

                    $rootScope.logoutApp = function() {
                        $cookies.remove('X-Authorization-Token');
                        $interval.cancel(updateTokenInterval);
                        keycloak.logout();
                    };
    }
}
Solution

  • I couldn't find explained it in the API docs but the timeout argument of keycloak.updateToken() function is expressed in seconds, not in minutes.

    So if the Access Token Lifespan on server is at the default value of 5 minutes, you should use a value less than 300 seconds. I learned it doing some experiments.

    //Update the token when will last less than 3 minutes
keycloak.updateToken(180)

    Btw I suggest you to use a Lifespan longer than 5 minutes for the token.

    In your code You never see the token refreshed because the refresh is never triggered in the 15 seconds window in which will work.