Hi,
Please use the user mailing list for questions and help.
On Mon, 25 Jun 2018 at 09:57, Eivind Larsen <eivind(a)jotta.no> wrote:
Hi Keycloak Devs!
In the admin API there is a call to delete a session by ID:
DELETE /{realm}/sessions/{session_id}
This works for user (online) sessions, but when given the session ID of an
offline session, it gives 404 error and nothing is deleted.
Seeing as this is the only way to delete a given as session by id,
I would expect the call to work for offline sessions as well,
ideally deleting both the user session and the offline session by this id.
What do you think?
Is there an alternative way to delete an offline session by id?
I think it would be more useful if this call was scoped per user.
Currently you have to load all user sessions, verify that this session ID
is indeed owned by the user, then call delete. Scoping per user would make
it impossible to delete a wrong user's session, and it would reduce
requests to the keycloak instance.
Best Regards,
Eivind Larsen
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev