Re: [keycloak-user] Token Validation Endpoint

Hi Brian, There is an endpoint based on RFC-7662 [1]. Check http://localhost:8080/auth/realms/{realm_name}/.well-known/openid-configu... for "token_introspection_endpoint". [1] https://tools.ietf.org/html/rfc7662 Regards. Pedro Igor ----- Original Message ----- From: "Brian Watson" <watson409(a)gmail.com&gt; To: keycloak-user(a)lists.jboss.org Sent: Wednesday, April 20, 2016 10:53:26 AM Subject: [keycloak-user] Token Validation Endpoint Hi all, I have a question regarding token validation. I have an access token, and I want to make sure it's still valid. In other words, I need to ensure that either (a) the user hasn't logged out, or (b) someone hasn't invalidated the session to which the token is associated. The use case is an integration with an API gateway, in which the API gateway ensures the validity of a token with Keycloak before passing it to downstream services. Is there an endpoint I can call with a token that will tell me if the token is still valid? Is there another way I should be performing this check? Thank you. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user