OAuth login provider refreshToken and impersonate
Hi guys,
I'm wondering about a particular setup i have
The users logs in using a Keycloak instance
I can then impersonate them and make use of the JWT plugin to construct a custom payload for my backend services based on the user accessToken issued by keycloak
However, if the user himself only connects once to my app and never come again, am I right to assume their account row containing their access / refresh Token won't ever be updated unless he does it himself ?
What about if the refreshToken stored in B-A account table is expired ? I cannot then impersonate him until he logs in again ?
I'm wondering about a particular setup i have
The users logs in using a Keycloak instance
I can then impersonate them and make use of the JWT plugin to construct a custom payload for my backend services based on the user accessToken issued by keycloak
However, if the user himself only connects once to my app and never come again, am I right to assume their account row containing their access / refresh Token won't ever be updated unless he does it himself ?
What about if the refreshToken stored in B-A account table is expired ? I cannot then impersonate him until he logs in again ?
