Error refreshing a token because of modified roles
Issue
- The adapter log shows many errors with this message:
  ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (http-0.0.0.0:8082-3) Refresh token failure status: 400 {"error":"invalid_scope","error_description":"User no long has permission for realm role: XXXXX"}
- The server log shows only a refresh token error:
  WARN [org.keycloak.events] (default task-2) type=REFRESH_TOKEN_ERROR, realmId=demo, clientId=sample-client, userId=15c5bc50-c248-4be7-8590-8a2931a1ffbc, ipAddress=x.x.x.x, error=invalid_token, grant_type=refresh_token, refresh_token_type=Refresh, refresh_token_id=202589ac-aa1f-4b28-94f9-72ff6e11c3e1, client_auth_method=client-secret
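The adapter message names the removed role, while the server event names the realm, client and user, so triage needs both logs. The following is an added example, not part of the original article or Red Hat's code: a parser that summarizes both message formats. The function names are hypothetical and the sample lines are constructed from the two messages quoted above.

```python
import json
import re
from collections import Counter

# Constructed sample input, copied from the two log messages quoted above.
ADAPTER_LOG = [
    'ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (http-0.0.0.0:8082-3) '
    'Refresh token failure status: 400 {"error":"invalid_scope",'
    '"error_description":"User no long has permission for realm role: XXXXX"}',
]
SERVER_LOG = [
    'WARN [org.keycloak.events] (default task-2) type=REFRESH_TOKEN_ERROR, realmId=demo, '
    'clientId=sample-client, userId=15c5bc50-c248-4be7-8590-8a2931a1ffbc, ipAddress=x.x.x.x, '
    'error=invalid_token, grant_type=refresh_token, refresh_token_type=Refresh, '
    'refresh_token_id=202589ac-aa1f-4b28-94f9-72ff6e11c3e1, client_auth_method=client-secret',
]
ADAPTER_RE = re.compile(r"Refresh token failure status: (\d{3}) (\{.*\})\s*$")
ROLE_RE = re.compile(r"realm role: (.+)$")
EVENT_RE = re.compile(r"\[org\.keycloak\.events\] \([^)]*\) (type=.*)$")

def parse_adapter_line(line):
    """Return (http_status, error, role) for an adapter refresh failure, else None."""
    m = ADAPTER_RE.search(line)
    if not m:
        return None
    try:
        body = json.loads(m.group(2))
    except json.JSONDecodeError:
        return None  # truncated or malformed response body
    role = ROLE_RE.search(body.get("error_description", ""))
    return int(m.group(1)), body.get("error"), role.group(1) if role else None

def parse_server_event(line):
    """Return the key=value fields of a REFRESH_TOKEN_ERROR event, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(1).split(", ") if "=" in kv)
    return fields if fields.get("type") == "REFRESH_TOKEN_ERROR" else None

def summarize(adapter_lines, server_lines):
    """Count failures per removed role and per (realm, client, user)."""
    roles = Counter(r[2] for r in map(parse_adapter_line, adapter_lines)
                    if r and r[1] == "invalid_scope" and r[2])
    sessions = Counter((e.get("realmId"), e.get("clientId"), e.get("userId"))
                       for e in map(parse_server_event, server_lines) if e)
    return roles, sessions

if __name__ == "__main__":
    print(summarize(ADAPTER_LOG, SERVER_LOG))
```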
Environment
- Red Hat Single Sign-On (RH-SSO)
  - 7