Validate token on keycloak server for every api call
I have keycloak spring microservice and regular java spring service using keycloak adapter & keycloak-spring-boot-starter. When keycloak issues a valid token and I pass it over to spring service the validation token is valid and everything works fine.
And if I restart the keycloak service and I pass the previously issued token again to the spring service the validation passes again. Why is that? I would like for spring to figure out that the token was issued by a previously existing keycloak instance and report an invalid token.
If you look at the token payload it has the following details
So just by restarting the keycloak instance without changing anything will not make the token invalid, this would create a lot of issues.
There is one option, where if the instance itself is changed for example hostname, this will result in token validation to return active:false.
For example if I request the token with below URL
http://localhost:8080/auth/realms/testrealm/protocol/openid-connect/token
and validate it with this introspection url, the token will be shown as valid.
http://localhost:8080/auth/realms/testrealm/protocol/openid-connect/token/introspect
But, if I just change the hostname to 127.0.0.1 in my introspection url, the token is not valid anymore
http://127.0.0.1:8080/auth/realms/testrealm/protocol/openid-connect/token/introspect
So AFAIK, you might need to brew up some custom logic for this.
The other best option is to keep the access token lifespan very limited.
- How to track progress of DataBufferUtils.write()?
- Dot operator not clickable and lightbulb icon appearing in IntelliJ
- Setting a Spring bean class name using a SpEL expression and PropertyPlaceHolder
- Overriding beans in Integration tests
- How to control exception while developing RESTful API with Java?
- Inject Mocks for objects created by Factory classes
- Spring transaction rolled back on RuntimeException
- Artemis Auto configuration problem when using corda-rpc with Spring boot
- Spring Boot ignores dashes in property names in YML files
- How to set up liquibase in Spring for multiple data sources?
- Maven and Spring Boot - non resolvable parent pom - repo.spring.io (Unknown host)
- Load Multiple CSV files into database using Spring Batch
- Spring Boot i18n resolution
- How to configure Azure Application Insight for a Java Spring Boot in a Pod in Azure AKS
- Spring @Async with CompletableFuture
- Possible to access HealthIndicator methods as endpoints?
- org.springframework.dao.OptimisticLockingFailureException: Attempt to update step execution id=1 with wrong version (2), where current version is 3
- Issue: FileNotFoundException for AppConfig.xml in Spring Project
- Custom Spring annotation for request parameters
- Spring Boot Upload Multipart 413 Request Entity Too Large
- Spring Batch - Deleting metadata post job completion throws error - Incorrect result size: expected 1, actual 0
- How to prevent spring boot from auto creating instance of bean 'entityManagerFactory' at startup?
- com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `java.time.LocalTime` from String "7:45PM"
- Spring Integration webflux fails for every other calls
- Asynchronous publish ignoring errors and timeouts
- Spring @ExceptionHandler handling multiple kinds of exceptions
- Configuring Hazelcast via Spring Boot application.yml
- Failed to configure a DataSource: 'url' attribute is not specified and no embedded datasource could be configured
- Programmatically restart Spring Boot application / Refresh Spring Context
- Generating JWT token with JwtUtil class in Spring Boot resulting in NullPointerException