Re: [keycloak-dev] Revocation of access_token
Thanks Stian for you reply
Interesting it looks different from what we’ve seen so far with Google and Facebook,
closer to http://tools.ietf.org/html/rfc7009 draft specification on revoke toke where you
put the token you want to revoke and it will revoke all refreh and access tokens.
++
Corinne
On 16 Jun 2014, at 11:22, Stian Thorgersen <stian(a)redhat.com> wrote:
You can't revoke individual tokens or refresh tokens, but all
tokens (and cookies) are linked to a user session which can be revoked.
To logout the current session (uses cookie):
https://server/realms/application/tokens/logout
To logout a specific session (you can get the session state from token:
https://server/realms/application/tokens/logout?session_state=<SESSION...
You can also logout sessions from the account management, or through the admin console.
----- Original Message -----
> From: "Christos Vasilakis" <cvasilak(a)gmail.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Monday, 16 June, 2014 10:04:30 AM
> Subject: [keycloak-dev] Revocation of access_token
>
> Hi all,
>
> is there any way a user that holds an ‘access_token’ to manually revoke it
> by posting to a particular URL?
>
> 'curl
"https://server/realms/application/tokens/revoke?token=<token>'
>
> Sorry if i am missing sth would be glad if you point me to the right
> direction.
>
> Regards,
> Christos
>
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev