Tim Nolte

@srhpolansky I'm looking into this some more. After some additional review I'm thinking this may be caused by a combination of the Refresh Token option, as well as the "Redirect...

Noting that this may be related to an older open item, #178 , where the access token is not being updated during the token refresh. If that is the case...

@srhpolansky can you confirm if turning off the option to send users to the login page when the session expires fixes your issue? I'm testing this as well.

@eriksays I need to get back to my testing and analysis on this issue. Been sidetracked by other work and haven't had a chance to complete my work on this....

@Emanuele-iltk so as I was looking the AWS Cognito documentation it looks like this may be related to the requirement that Basic Authorization is to be used with AWS Cognito...

@Emanuele-iltk so I did setup my own AWS Cognito instance and have this working properly. I will provide some documentation guidance in the wiki for this IDP soon.

@sarfrazhooda1 I haven't had a chance to update the wiki yet. I need to focus on some redirect & bug fixes. I should be able to get something documented soon.

@wineworkskeith what IDP are you using, also are you using the Alternative Redirect URI?

If I understand your flow correctly, are you saying that your Keycloak is setup to allow users to authenticate via a third party IDP, like Facebook/Twitter/etc? If this is the...

I believe the problem here is that the URL is being double escaped, you shouldn't be escaping the URL we are providing.