IMO the current behaviour is the correct and I can't see any reason to log out a user
after changing the password.
----- Original Message -----
From: "Alarik Myrin" <alarik(a)zwift.com>
To: keycloak-user(a)lists.jboss.org
Sent: Wednesday, 5 November, 2014 9:25:01 PM
Subject: [keycloak-user] Changing passwords and current sessions
Should changing a password invalidate current sessions, or at least the
refresh tokens? Or would a user have to change the password AND log out
current sessions to invalidate the current sessions and refresh tokens? To
me it seems like the latter is the current behavior, I just wanted to make
sure that it is desirable.
Thanks,
Alarik
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user