Keycloak Support for JWE & Opaque for Access Token and Refresh Token - keycloak

I would like to know whether Keycloak supports JWE or opaque tokens for access or refresh tokens. The documentation suggests that JWE is supported for the ID token, but I am not sure about access and refresh tokens.

Related

DocuSign JWT access token renewal

I created a DocuSign JWT access token for my application manually/PHP SDK with consent and used that access token in the code for the REST API. The expiry of the access token is 1 hr. How do I renew the DocuSign JWT access token without asking for consent again and again? Or how do I prolong the expiry of the access token?
You call request_jwt_user_token again and get the token from the response. You don't need to request consent again. Have a look at the recommended best practices here.

Moodle web services refresh token

I understand that I can fetch a web services client token through the URL
https://www.yourmoodle.com/login/token.php?username=USERNAME&password=PASSWORD&service=SERVICESHORTNAME
and it works. I am getting a token and a private token.
But I do not see a refresh token URL. I can see the expiry date through the Moodle admin account.
Does anyone know how to refresh a Moodle token?
What is the use of the private token?
Thanks
It looks like there's no inbuilt functionality to refresh a token like the OAuth 2 spec. You would need to call the login/token.php again if your API call fails.
Unfortunately the login/token.php file only returns the token and may return the private token (Private token, only transmitted to https sites and non-admin users.). From the client's perspective there's no way to know when the token will expire.
References:
https://github.com/moodle/moodle/blob/master/login/token.php
https://github.com/moodle/moodle/blob/master/lib/externallib.php#L1034

Keycloak cookies: KEYCLOAK_SESSION, Oauth_token_request_state, KEYCLOAK_IDENTITY

Can someone please explain the cookies set by Keycloak:
KEYCLOAK_SESSION, Oauth_token_request_state, KEYCLOAK_IDENTITY.
What is the relevance of each cookie?
They are cookies for internal use of Keycloak.
KEYCLOAK_IDENTITY contains a token (JWT) with the user IDs. You can view its content using jwt.io (for example). This cookie lives with your browser session and can also be refreshed with SSO (for example, if you change some of your personal data in "Manage my account").
KEYCLOAK_SESSION is your session ID associated with the concerned realm.
Oauth_token_request_state is part of the OAuth spec in order to avoid hacking of the redirect link after login.

Difference between access token from Graph Explorer API Tool and Access Token Debugger

I am studying the Facebook API. From "Graph API Explorer", I got one access token. From the "Access token debugger", I got two access tokens. But what is the difference between these tokens?
It's not possible to get two access tokens from the Access Token Debugger; you can only debug one token at a time. You probably mean the Access Token Tool, which gives a user access token and an application access token. The difference was described at the top:
The user tokens listed here are provided for convenience to test your apps. They expire like any other user access token and should not be hard coded into your apps. App tokens do not expire and should be kept secret as they are related to your app secret. For more information on how access tokens work and should be used, see the documentation.

What's the purpose of refresh tokens in the API of a mobile app

I'm developing a mobile app using AngularJS, Node.js, MongoDB, Passport.js, Express... I'm implementing the bearer strategy with bearer tokens.
The access token is created immediately after the user logs in, but I would like to understand when the API must refresh it or when the access token must expire.
Refresh token is used when access token expires. It's up to you when you expire the access token, but usually the lifetime of an access token is one hour. When the access token expires, the refresh token can be used to obtain a new access token. For more information, please refer to the OAuth 2.0 RFC.
Refresh token:
Refresh tokens are credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires, or to obtain additional access tokens with identical or narrower scope (access tokens may have a shorter lifetime and fewer permissions than authorized by the resource owner).
Expiration:
expires_in
RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated.
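
The lifecycle described in the answer above, as an added Node.js example that is not part of the original answer: it turns `expires_in` into an absolute deadline and uses the `refresh_token` grant once the access token is about to expire. `TokenManager`, `postToken` and the 30-second skew are assumptions of this example.

```javascript
// Added example. `postToken` is a hypothetical function: it POSTs form
// parameters to the token endpoint and resolves to the parsed JSON response.
class TokenManager {
  constructor(postToken, initial, { now = () => Date.now(), skewSec = 30 } = {}) {
    this.postToken = postToken;
    this.now = now;
    this.skewMs = skewSec * 1000; // refresh slightly early to absorb clock drift
    this.inflight = null;
    this.store(initial);
  }

  // expires_in is relative to when the response was generated, so turn it
  // into an absolute deadline as soon as the response arrives.
  store(resp) {
    this.accessToken = resp.access_token;
    // expires_in is only RECOMMENDED; if absent, this example treats the token
    // as stale so the next call refreshes rather than guessing a lifetime.
    const ttlSec = Number.isFinite(resp.expires_in) ? resp.expires_in : 0;
    this.expiresAt = this.now() + ttlSec * 1000;
    // Keep the old refresh token unless the server issued a new one.
    if (resp.refresh_token) this.refreshToken = resp.refresh_token;
  }

  isFresh() {
    return this.now() < this.expiresAt - this.skewMs;
  }

  // Rejects if the refresh grant fails; the caller must then log in again.
  async getAccessToken() {
    if (this.isFresh()) return this.accessToken;
    // Single-flight: concurrent callers share one refresh request, so a
    // rotated refresh token is never presented twice.
    if (!this.inflight) {
      this.inflight = this.postToken({
        grant_type: "refresh_token",
        refresh_token: this.refreshToken,
      })
        .then((resp) => this.store(resp))
        .finally(() => { this.inflight = null; });
    }
    await this.inflight;
    return this.accessToken;
  }
}
```

Passing `now` as an option lets the expiry logic be tested with a constructed clock instead of waiting an hour.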