In my implementation, I am validating the JWT tokens locally, keeping the public keys in a
local cache to avoid making multiple calls to the Keycloak server.
I won't know when a key in the server is no longer enabled or valid, therefore I could
end up validating an invalid JWT token locally.
I would like to know if Keycloak has a way to configure callbacks when I rotate my keys.
Does it have?
Then I can update my keys in the cache…
In the case of JWT token revocation, can tokens be individually revoked in Keycloak? Is
this feature available?
Are there callbacks implemented in case I have JWT tokens revoked?
Thank you in advance.
Show replies by date