Re: [keycloak-user] Is it possible to invalidate token in Spring Security Adapter

Hi, Is there any example available, how can be remote introspection implemented with Keycloak Spring Security Adapter? Thanks, Ondrej *From:* Pedro Igor Silva <psilva(a)redhat.com&gt; *Sent:* Thursday, June 27, 2019 14:43 *To:* Ondrej Scerba <Ondrej.Scerba(a)zoomint.com&gt; *Cc:* keycloak-user(a)lists.jboss.org *Subject:* Re: [keycloak-user] Is it possible to invalidate token in Spring Security Adapter Hi, If you are using bearer tokens, the adapter only performs local validation based on a specific set of claims and signature. If you need to revoke tokens and propagate the revocation to your resource servers, you should consider introspecting the token using the token introspection endpoint. However, our adapters don't provide the support for choosing between local/remote introspection. Local introspection and validation are enough for most people but depending on your requirements/constraints you may want to use the introspection endpoint. Regards. Pedro Igor On Thu, Jun 27, 2019 at 8:51 AM Ondrej Scerba <Ondrej.Scerba(a)zoomint.com&gt; wrote: Hi, Is it possible to invalidate token in "offline validator" in Spring Security Adapater? Thanks, Ondrej _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user