From 68dea8051a32be3ad222a5bf30922f9d99270edb Mon Sep 17 00:00:00 2001
From: Gemini Lasswell <gazally@runbox.com>
Date: Tue, 21 Jul 2020 15:57:45 -0700
Subject: [PATCH] Handle 'Token is not active' error in refresh_token

If a token is acquired but not used before it times out,
Keycloak will return a 400 response with the message
'Token is not active'.  Change refresh_token to handle
this error by getting a new token.
---
 keycloak/keycloak_admin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py
index 6293d5b..2211151 100644
--- a/keycloak/keycloak_admin.py
+++ b/keycloak/keycloak_admin.py
@@ -1397,7 +1397,8 @@ class KeycloakAdmin:
         try:
             self.token = self.keycloak_openid.refresh_token(refresh_token)
         except KeycloakGetError as e:
-            if e.response_code == 400 and b'Refresh token expired' in e.response_body:
+            if e.response_code == 400 and (b'Refresh token expired' in e.response_body or
+                                           b'Token is not active' in e.response_body):
                 self.get_token()
             else:
                 raise