[keycloak-user] Changing passwords and current sessions
Alarik Myrin
alarik at zwift.com
Wed Nov 5 15:25:01 EST 2014
Should changing a password invalidate current sessions, or at least the
refresh tokens? Or would a user have to change the password AND log out
current sessions to invalidate the current sessions and refresh tokens? To
me it seems like the latter is the current behavior, I just wanted to make
sure that it is desirable.
Thanks,
Alarik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141105/ed4a5102/attachment.html
More information about the keycloak-user
mailing list