[keycloak-dev] Refresh tokens
bburke at redhat.com
Thu Feb 20 09:34:05 EST 2014
Ok, I'll add that to my list.
On 2/20/2014 7:49 AM, Stian Thorgersen wrote:
> With regards to refresh tokens it would be nice to add support for users to be able to manage applications at the same time.
> Account management should have a page that lists all applications and clients that have access to a users account. This would be a list of applications and clients that have been given a refresh token (and where the refresh token hasn't expired). For clients it should also list the scope that was granted (probably doesn't make sense to list this for applications).
> Users should be able to revoke access to an individual application or client. This would result in the refresh token being invalidated so the application or client wouldn't be able to retrieve a new token.
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
JBoss, a division of Red Hat
More information about the keycloak-dev