[keycloak-user] Password Expiration not applied to Token
atgnatus at yahoo.com
Wed Sep 9 11:54:02 EDT 2015
We have set a password policy to have passwords expire after a number of days. This works fine through the Keycloak login screen. However, when we use the REST API to do a direct grant (we call '/protocol/openid-connect/token' on Keycloak 1.3.1) a valid token is returned even after the password has expired.
This does not seem like the correct behavior. Is there an issue here?