<div dir="ltr">The access token should have a short lifespan (min) and keycloak.js will quickly refresh the token once a request is made. This is only an issue wif amdin logs out, as if the user itself logs out it is detected by keycloak.js even if the user logs out from a different app.<br><div><br></div><div>There's also a verify token endpoint that can be invoked to check if token is valid without refreshing it. This will incur extra requests to the server though, so be careful with this one if you have a lot of users. There isn't support in keycloak.js for it, but would be relatively easy to add and I'd happily accept a PR for it. The endpoint is '/auth/realms/<realm>/protocols/openid-connect/validate?access_token=<access token>' it will return the json of the token or 400 with a error description if not valid. </div></div><div class="gmail_extra"><br><div class="gmail_quote">On 24 November 2015 at 16:33, Jose Suero <span dir="ltr"><<a href="mailto:josephsuero@gmail.com" target="_blank">josephsuero@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">How can I periodically check if the token is still active? if I manually logout users on the admin, what can I call from the browser to know that token is still acive</div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>