I am working on an Angular app with keycloak.js and keycloak-angular and I am having issues getting access to the keycloak refresh-token.
I embed an iframe from another project that requires me to send the acess-token and the refresh-token in the params of the source url so that the user stays logged in there. The people from the other project says they need both tokens one way or another.
My app has the keycloak-angular interceptor before it's own, as a result, I think that no token request gets through the first interceptor, but I am not quite sure if the one that manages privately and internally the refresh-token is keycloak.js and not keycloak-angular.
So basically...
- how do I get the refresh-token?
- Is this a bad practice that should be avoided?
- In that case, how should I approach this matter?
