[keycloak-user] Changing passwords and current sessions
Stian Thorgersen
stian at redhat.com
Thu Nov 6 03:34:31 EST 2014
IMO the current behaviour is the correct and I can't see any reason to log out a user after changing the password.
----- Original Message -----
> From: "Alarik Myrin" <alarik at zwift.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 5 November, 2014 9:25:01 PM
> Subject: [keycloak-user] Changing passwords and current sessions
>
> Should changing a password invalidate current sessions, or at least the
> refresh tokens? Or would a user have to change the password AND log out
> current sessions to invalidate the current sessions and refresh tokens? To
> me it seems like the latter is the current behavior, I just wanted to make
> sure that it is desirable.
>
> Thanks,
>
> Alarik
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list