[keycloak-user] Token Validation Endpoint
Thomas Darimont
thomas.darimont at googlemail.com
Wed Apr 20 10:06:55 EDT 2016
Hello,
I guess you could do that with the token-introspection endpoint:
https://issues.jboss.org/browse/KEYCLOAK-2266
http://localhostt:8080/auth/realms/master/.well-known/openid-configuration
->
http://localhost:8080/auth/realms/master/protocol/openid-connect/token/introspect
Cheers,
Thomas
2016-04-20 15:53 GMT+02:00 Brian Watson <watson409 at gmail.com>:
> Hi all,
>
> I have a question regarding token validation.
>
> I have an access token, and I want to make sure it's still valid. In other
> words, I need to ensure that either (a) the user hasn't logged out, or (b)
> someone hasn't invalidated the session to which the token is associated.
> The use case is an integration with an API gateway, in which the API
> gateway ensures the validity of a token with Keycloak before passing it to
> downstream services.
>
> Is there an endpoint I can call with a token that will tell me if the
> token is still valid? Is there another way I should be performing this
> check?
>
> Thank you.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160420/e9153908/attachment.html
More information about the keycloak-user
mailing list