This post has NOT been accepted by the mailing list yet.
I am using Keycloak openID endpoint to retrieve access token from keycloak server using Direct Access Grant mode. I found each time a NEW request is made using SAME user account/credential, Keycloak returns a NEW access token. (So I can see the same user with multiple sessions)
In this way, I am not sure if a refresh token is still needed, because we can basically get a new token for each request and NOT care about the expiration?
Is this expected? Is same user supposed to have many access tokens? Is there any potential issues to work in this way?