diff --git a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
index 1f801aa..cb06ca1 100644
--- a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
+++ b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
@@ -216,6 +216,16 @@ public class DefaultKeycloakClient implements KeycloakClient {
return refreshToken(tokenURL, clientId, clientSecret, tokenResponse.getRefreshToken());
}
+ @Override
+ public TokenResponse refreshToken(String refreshTokenJWTString) throws KeycloakClientException {
+ try {
+ String clientId = ModelUtils.getClientIdFromToken(ModelUtils.getRefreshTokenFrom(refreshTokenJWTString));
+ return refreshToken(clientId, refreshTokenJWTString);
+ } catch (Exception e) {
+ throw new KeycloakClientException("Cannot construct access token object from token response", e);
+ }
+ }
+
@Override
public TokenResponse refreshToken(String clientId, String refreshTokenJWTString) throws KeycloakClientException {
return refreshToken(clientId, null, refreshTokenJWTString);
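Review bot: The `catch (Exception e)` in the new `refreshToken(String)` wraps both calls, so a `KeycloakClientException` raised by the delegated `refreshToken(clientId, refreshTokenJWTString)` is re-wrapped under "Cannot construct access token object from token response", a message that describes neither the token parsing nor the refresh request. Narrowing the try to the parsing line, with its own message, keeps a malformed token distinguishable from a server-side refresh failure in logs and in callers' handling. The client id comes from a claim of a caller-supplied token, and nothing in the hunk shows its signature being checked first, so it should serve only to populate the request and never a local authorization decision. Whether `getClientIdFromToken` can return null when the claim is absent is not visible here; if it can, that case should be rejected before the delegated call.

```java
public TokenResponse refreshToken(String refreshTokenJWTString) throws KeycloakClientException {
    String clientId;
    try {
        // Only the local parsing step is guarded; the claim is read from the token as supplied.
        clientId = ModelUtils.getClientIdFromToken(ModelUtils.getRefreshTokenFrom(refreshTokenJWTString));
    } catch (Exception e) {
        throw new KeycloakClientException("Cannot read client id from refresh token", e);
    }
    // Failures of the refresh request itself propagate unchanged.
    return refreshToken(clientId, refreshTokenJWTString);
}
```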
diff --git a/src/main/java/org/gcube/common/keycloak/KeycloakClient.java b/src/main/java/org/gcube/common/keycloak/KeycloakClient.java
index a0a10e6..ba8a3e2 100644
--- a/src/main/java/org/gcube/common/keycloak/KeycloakClient.java
+++ b/src/main/java/org/gcube/common/keycloak/KeycloakClient.java
@@ -148,6 +148,18 @@ public interface KeycloakClient {
TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse)
throws KeycloakClientException;
+ /**
+ * Refreshes a previously issued token from the Keycloak server discovered in the current scope using the the refresh token JWT encoded string obtained with the access token in the previous token response.
+ *
+ * Client id will be read from "issued for" refresh token's claim and client secret will be not sent.
+ *
NOTE: For public
clients types only.
+ *
+ * @param refreshTokenJWTString the previously issued refresh token JWT string taken from the same token response of the access token parameter
+ * @return the refreshed token as {@link TokenResponse} object
+ * @throws KeycloakClientException if something goes wrong performing the refresh query
+ */
+ TokenResponse refreshToken(String refreshTokenJWTString) throws KeycloakClientException;
+
/**
* Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided
* client id and the refresh token JWT encoded string obtained with the access token in the previous token response.
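Review bot: The `@param` text on the new `refreshToken(String)` refers to "the access token parameter", but this overload has no such parameter; it reads as copied from the `TokenResponse` variants, and `@param refreshTokenJWTString the previously issued refresh token as a JWT encoded string` would match the signature. The summary also contains "using the the" and "will be not sent", which should read `will not be sent`. Because the client id is taken from the token's "issued for" claim, the Javadoc should say that the claim only populates the request and that token validation stays with the server; that is presumably the case, but worth confirming against `ModelUtils`. The Javadoc of the following method continues past the end of the hunk.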