[keycloak-user] Password Expiration not applied to Token

Chris Atkinson atgnatus at yahoo.com
Wed Sep 9 11:54:02 EDT 2015

We have set a password policy to have passwords expire after a number of days.  This works fine through the Keycloak login screen.  However, when we use the REST API to do a direct grant (we call '/protocol/openid-connect/token' on Keycloack 1.3.1) a valid token is returned even after the password has expired.
This does not seem like the correct behavior.  Is there an issue here?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150909/8ad01f6f/attachment.html 

More information about the keycloak-user mailing list