Keycloak, by default, does not forward tokens received from external Identity Providers (IDPs), such as Google. To access resources like the Google Calendar, it is necessary to obtain the refresh and access tokens sent by google.
I am trying to get the refresh token returned by google.
currently I am following the method of Retrieving external IDP tokens which gets me the refresh token on first login and i am saving it in the database & it works fine.
const config = {
headers: {
Authorization: `Bearer ${keycloakAccessToken}`
}
}
let response = await axios.get(`${process.env.KEYCLOAK_ISSUER}/broker/google/token`, config)
however, I want to be able to retrieve this refresh token for the same user again because if same user logged in from a different client in same realm I will not be able to save the refresh token in the new client database
I have tried exchange token however this retrieves only the access token
does keycloak save the refresh token returned by google in its db? is there an api to retrieve it?
any help would be appreciated
after several trials, I ended up using the following work around: