[keycloak-dev] Revocation of access_token
Corinne Krych
corinnekrych at gmail.com
Mon Jun 16 05:51:31 EDT 2014
Thanks Stian for you reply
Interesting it looks different from what we’ve seen so far with Google and Facebook, closer to http://tools.ietf.org/html/rfc7009 draft specification on revoke toke where you put the token you want to revoke and it will revoke all refreh and access tokens.
++
Corinne
On 16 Jun 2014, at 11:22, Stian Thorgersen <stian at redhat.com> wrote:
> You can't revoke individual tokens or refresh tokens, but all tokens (and cookies) are linked to a user session which can be revoked.
>
> To logout the current session (uses cookie):
> https://server/realms/application/tokens/logout
>
> To logout a specific session (you can get the session state from token:
> https://server/realms/application/tokens/logout?session_state=<SESSION>
>
> You can also logout sessions from the account management, or through the admin console.
>
> ----- Original Message -----
>> From: "Christos Vasilakis" <cvasilak at gmail.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Monday, 16 June, 2014 10:04:30 AM
>> Subject: [keycloak-dev] Revocation of access_token
>>
>> Hi all,
>>
>> is there any way a user that holds an ‘access_token’ to manually revoke it
>> by posting to a particular URL?
>>
>> 'curl "https://server/realms/application/tokens/revoke?token=<token>'
>>
>> Sorry if i am missing sth would be glad if you point me to the right
>> direction.
>>
>> Regards,
>> Christos
>>
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list