[keycloak-user] Revoking an OAuth Token

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[keycloak-user] Revoking an OAuth Token

Jason B
Hi,

I am wondering how can we revoke an issued OAuth access token/refresh token
in Keycloak ? What is the request will look like and what is the end point
we need to invoke?

Also, I see there is a RFC for OAuth token revocation (
https://tools.ietf.org/html/rfc7009) process, but I am assuming this is not
yet implemented in Keycloak. Are there any plans for implementing this RFC
in future? Please let me know.

Thanks!
_______________________________________________
keycloak-user mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/keycloak-user
Reply | Threaded
Open this post in threaded view
|

Re: [keycloak-user] Revoking an OAuth Token

stianst
Administrator
You can revoke the session, but not individual tokens. I doubt we'd add
revocation for individual tokens as that would require much more state
maintained on the server side.

On 6 March 2017 at 18:05, Jason B <[hidden email]> wrote:

> Hi,
>
> I am wondering how can we revoke an issued OAuth access token/refresh token
> in Keycloak ? What is the request will look like and what is the end point
> we need to invoke?
>
> Also, I see there is a RFC for OAuth token revocation (
> https://tools.ietf.org/html/rfc7009) process, but I am assuming this is
> not
> yet implemented in Keycloak. Are there any plans for implementing this RFC
> in future? Please let me know.
>
> Thanks!
> _______________________________________________
> keycloak-user mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/keycloak-user