The token isn't revoked if you disable the app in KC, but the app won't be
permitted to refresh the token. The token continues to be valid until it expires and
it's the application adapter (shoot demo rest endpoints) responsibility to check that
the token isn't expired.
----- Original Message -----
From: "Lucas Holmquist" <lholmqui(a)redhat.com>
To: "AeroGear Developer Mailing List" <aerogear-dev(a)lists.jboss.org>
Sent: Thursday, November 6, 2014 9:58:11 PM
Subject: Re: [aerogear-dev] iOS Shoot Demo
let me try this again to the keycloack list
> On Nov 6, 2014, at 3:54 PM, Corinne Krych <corinnekrych(a)gmail.com> wrote:
> On 06 Nov 2014, at 21:50, Lucas Holmquist <lholmqui(a)redhat.com> wrote:
>> so i was playing with the Shoot demo for iOS and connecting it to KC, a
>> little research for a possible node.js adapter.
>> Anyway, i got everything working, i was able to perform the OAuth2
>> login, redirect back and upload a photo.
>> Then i went into the KC admin console thing, and disabled both the OAuth
>> Client(shoot-third-party ) and the shoot-services, but when i then tried
>> to upload, i was still successful.
> looks like there is an issue on revoking token on KC
> worth bringing the topic on keycloak IRC/mailing list
>> i guess i was under the impression that once one or both of those things
>> are disabled, the upload shouldn’t work.
>> as i’m writing i saw this PR come through,
, not sure if
>> this will solve this issue though
> Nope this one is about refreshing so it will not solve the pb
>> aerogear-dev mailing list
> aerogear-dev mailing list
aerogear-dev mailing list