Re: [keycloak-dev] Revocation of access_token
You can't revoke individual tokens or refresh tokens, but all tokens (and cookies) are
linked to a user session which can be revoked.
To logout the current session (uses cookie):
https://server/realms/application/tokens/logout
To logout a specific session (you can get the session state from token:
https://server/realms/application/tokens/logout?session_state=<SESSION...
You can also logout sessions from the account management, or through the admin console.
----- Original Message -----
From: "Christos Vasilakis" <cvasilak(a)gmail.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, 16 June, 2014 10:04:30 AM
Subject: [keycloak-dev] Revocation of access_token
Hi all,
is there any way a user that holds an ‘access_token’ to manually revoke it
by posting to a particular URL?
'curl "https://server/realms/application/tokens/revoke?token=<token>'
Sorry if i am missing sth would be glad if you point me to the right
direction.
Regards,
Christos
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev