As a user of Keycloak on a production project, I'm a little sad there is currently no support for opaque tokens.
Sure, you can treat the access token as an opaque token... but at the end of the day it could be a lot smaller.
We also experience a few front-end issues, like when a token expires, the browser tab goes back to the login page. If you leave the tab a while then press login, the token it is using will have expired. Rather than automatically retrieving a new token and posting the login again, the user gets an error message and has to authenticate again.
If you have two tabs in that state, you log one back in, switch to the other tab, if you refresh that tab, all is well, login proceeds automatically. If you press "login" instead, you get an error page telling you "already logged in" rather than just redirecting you back to the app... it also loses the redirect url so you have to press "back" instead.
Will see if we can fix these when we have time, it would be nice to contribute back.
Discussed here https://github.com/keycloak/keycloak/discussions/9713 and https://stackoverflow.com/questions/75082532/keycloak-suppor...
We also experience a few front-end issues, like when a token expires, the browser tab goes back to the login page. If you leave the tab a while then press login, the token it is using will have expired. Rather than automatically retrieving a new token and posting the login again, the user gets an error message and has to authenticate again.
If you have two tabs in that state, you log one back in, switch to the other tab, if you refresh that tab, all is well, login proceeds automatically. If you press "login" instead, you get an error page telling you "already logged in" rather than just redirecting you back to the app... it also loses the redirect url so you have to press "back" instead.
Will see if we can fix these when we have time, it would be nice to contribute back.