Reputation: 2679
Keycloak access tokens invalid after Keycloak server restart
We are using Keycloak 3.4.0 / Keycloak.js in our single page app. Keycloak stores its data within a MariaDB.
When I restart the Keycloak server (NOT MariaDB) and refresh my single page app I am redirected to the login page. I thougt that Keycloak stores all tokens within its database, shouldn't these tokens still be valid after a restart? Or is it expected that all sessions are logged out?
Do I have to use offline tokens to support this scenario?
The offline token is valid even after a user logout or server restart. https://www.keycloak.org/docs/3.4/server_admin/index.html#_offline-access
Upvotes: 4
Views: 4167
Answers (1)
Reputation: 31651
This is written by one of the members of the Keycloak development team:
The JPA user session provider was dropped (performance was horrible so we deemed it unusable). The user session persister is only used for offline sessions, they survive a server restart.
So yes, it seems like they removed it because of performance related issues. Here you've got the whole thread.
Upvotes: 6
Related Questions
- Keycloak, not returning access token if update password action selected
- keycloak - CODE_TO_TOKEN_ERROR after user is authenticated
- Keycloak API always returns 401
- Keycloak development instance: broken authentication configuration
- Keycloak returning already-expired tokens
- Keycloak token generation not working- Unauthorized credentials
- Keycloak access token expires too soon
- Keycloak authorization process after access token
- keycloak internal server error when accessing token url
- Keycloak 1.9.1.Final- failed verification of token: Token is not active