We don't currently have support for that rfc. However, we have other mechanisms to
expire tokens. All tokens are linked to a user session, once the session is logged out all
associated tokens are invalid as well. You can also push a not-before for a realm or a
specific client to invalidate all tokens prior to a given date.
----- Original Message -----
From: "Fadi Abdin" <fadiabdeen(a)gmail.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: "keycloak-user" <keycloak-user(a)lists.jboss.org>
Sent: Monday, May 4, 2015 1:30:42 PM
Subject: Re: [keycloak-user] OAuth
I basically want to force expire a token , or invalidate a token .
On Mon, May 4, 2015 at 1:09 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
> ----- Original Message -----
> > From: "Fadi Abdin" <fadiabdeen(a)gmail.com>
> > To: "keycloak-user" <keycloak-user(a)lists.jboss.org>
> > Sent: Thursday, April 30, 2015 6:48:47 PM
> > Subject: [keycloak-user] OAuth
> > and implemented the calls to do the basic things ( except revoke the
> > .
> > My code is on github https://github.com/fadiabdeen/keycloak-oauth
> > I was able to get a authorization code.
> > get a token
> > refresh the token
> > get the user information though validate
> > logout ( which only clears the session
> > I cant figure out how to revoke my access_token .. if anybody can help
> > this then its great.
> Not sure what you mean about revoking the access token. Can you elaborate?
> > Thanks
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user