Generate offline token using Auth code flow

[Karthik Narahari]

Hello,

we are using Keycloak for authentication for both our website and mobile app. To ensure security we enabled only authorization code flow for the clients that we are using in our websites/mobile apps

Now for our mobile app, we want to avoid user from logging in everyday (since we setup session max lifetime to 12 hrs) and keep him logged in for 30 days. For this, using offline session seems to be the working, where the thought was we can generate an offline token and store it as part of mobile local storage and allow user access the app from the access token generated using the offline token

But we are unable to find a way to generate offline token using auth code flow, all examples lead to direct access grant flow. Can anyone suggest if this is possible to do, if not what is the right way to handle this case.

Appreciate your help.

-Karthik

[Ehsan Zaery Moghaddam]

Hi Karthik

When starting the authorization flow, add "offline_access" to the list of values you're sending for the "scope" parameter (or if you don't have any scope at all, just add it like "scope=offline_access"). This will ensure that you'll get an offline token in response. Remember that your client should have the "offline_access" scope assigned (available at KC Admin UI > Clients > YOUR_CLIENT -> Client Scopes tab)

Regards

Ehsan

[Karthik Narahari]

Thanks Ehsan, It worked, I was trying to pass in the scope as part of init options in the keycloak adapter, it worked when I passed it in login options.

-Karthik

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/be38c4e0-f9ef-4368-accd-380ea6abd130n%40googlegroups.com.