Re: [keycloak-dev] Additional things to consider for 1.0.final
On 7/17/2014 9:25 AM, Bruno Oliveira wrote:
Good morning Stian,
Is the revocation of the refresh token[1][2] also planned?
[1] -
http://lists.jboss.org/pipermail/keycloak-dev/2014-June/001950.html
[2] - http://tools.ietf.org/html/rfc7009
This is what you currently can do:
1. You can set up a notBefore policy realm-wide. This will invalidate
all refresh tokens realm wide.
2. You can invalidate a user session which invalidates all refresh
tokens created under that session.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com