Same user with multiple sessions/tokens?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Same user with multiple sessions/tokens?


I am using Keycloak openID endpoint to retrieve access token from keycloak server using Direct Access Grant mode. I found each time a NEW request is made using SAME user account/credential, Keycloak returns a NEW access token. (So I can see the same user with multiple sessions)

In this way, I am not sure if a refresh token is still needed, because we can basically get a new token for each request and NOT care about the expiration?

Is this expected? Is same user supposed to have many access tokens? Is there any potential issues to work in this way?