[keycloak-dev] revocation is in

[Bill Burke]

You can set up a Not Before policy at the realm or client level.  You 
have the option to PUSH this value to the client adapters that have a 
admin url set up.  Not Before policy is also piggybacked with 
AccessTokenResponse too.  Adapters recheck the not before policy before 
each request and will force a re-auth if the token is stale.
-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com