Validate token on keycloak server for every api call

Time:02-01

I have keycloak spring microservice and regular java spring service using keycloak adapter & keycloak-spring-boot-starter. When keycloak issues a valid token and I pass it over to spring service the validation token is valid and everything works fine.

And if I restart the keycloak service and I pass the previously issued token again to the spring service the validation passes again. Why is that? I would like for spring to figure out that the token was issued by a previously existing keycloak instance and report an invalid token.

CodePudding user response:

If you look at the token payload it has the following details
(screenshot of the decoded token payload)

So just restarting the Keycloak instance without changing anything will not make the token invalid; this would create a lot of issues.
There is one option: if the instance itself is changed, for example the hostname, token validation will return active:false.

For example if I request the token with below URL

http://localhost:8080/auth/realms/testrealm/protocol/openid-connect/token

and validate it with this introspection URL, the token will be shown as valid.

http://localhost:8080/auth/realms/testrealm/protocol/openid-connect/token/introspect

But, if I just change the hostname to 127.0.0.1 in my introspection URL, the token is not valid anymore.

http://127.0.0.1:8080/auth/realms/testrealm/protocol/openid-connect/token/introspect

So AFAIK, you might need to brew up some custom logic for this.

The other best option is to keep the access token lifespan very limited.
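As an added example (not from the answer, the asker's code or the Keycloak adapter), here is a minimal resource-server check in Python that shows why a Keycloak restart alone cannot invalidate a token (validation is a stateless signature and claims check), why the issuer URL matters (the localhost vs 127.0.0.1 case), and how a recorded revocation instant can implement the "custom logic" the answer mentions. The HS256 secret, issuer URL and timestamps are constructed for the example; a real Keycloak realm signs access tokens with RS256 keys published at its JWKS endpoint.

```python
import base64
import hashlib
import hmac
import json

# Constructed shared secret for this example only; a real Keycloak realm uses an
# RSA key pair, and the resource server fetches the public key from the realm JWKS.
SECRET = b"example-secret-not-a-real-key"
# The issuer the resource server trusts; must match the "iss" claim byte for byte.
EXPECTED_ISSUER = "http://localhost:8080/auth/realms/testrealm"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(claims: dict) -> str:
    """Build a constructed HS256 JWT with the given payload (stands in for Keycloak)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate(token: str, now: int, revoked_before: int = 0) -> tuple[bool, str]:
    """Offline check a resource server can run on every API call; returns (ok, reason).

    No server state is consulted, so a Keycloak restart changes nothing here.
    revoked_before is an instant the operator records (e.g. at restart); tokens
    issued before it are rejected. This is the hypothetical custom logic, not an
    adapter feature."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "issuer mismatch"  # e.g. issued via 127.0.0.1, checked as localhost
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("iat", 0) < revoked_before:
        return False, "issued before revocation instant"
    return True, "ok"
```

Keeping the access token lifespan short, as the answer suggests, bounds how long the "expired" check takes to catch up with any token the revocation instant does not cover.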
