You can revoke the session, but not individual tokens. I doubt we'd add
revocation for individual tokens as that would require much more state
maintained on the server side.
On 6 March 2017 at 18:05, Jason B <jason(a)naidmincloud.com> wrote:
Hi,
I am wondering how can we revoke an issued OAuth access token/refresh token
in Keycloak ? What is the request will look like and what is the end point
we need to invoke?
Also, I see there is a RFC for OAuth token revocation (
https://tools.ietf.org/html/rfc7009) process, but I am assuming this is
not
yet implemented in Keycloak. Are there any plans for implementing this RFC
in future? Please let me know.
Thanks!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user