7:14 a.m.
Hi,
We have the case that there can be multiple offline sessions for a
particular user. Is there a way to logout or invalid one particular offline
session/token? Using the OAuth endpoints we can easily logout the
normal session, but the offline tokens are still there. I can see that it is
possible to invalidate ALL offline tokens for a particular user, but is there
any way to invalidate just one particular one?
I saw this issue which was discussed a bit and reopened and then closed,
but it doesn't look like something was done:
https://issues.jboss.org/browse/KEYCLOAK-3375
Regards,
Scott
1:53 a.m.
An offline session is not linked to the normal session and there's two ways
to log those out:
* A user can remove the offline session in account management console
* The offline token can be logged using the logout endpoint (see
https://issues.jboss.org/browse/KEYCLOAK-3173)
On 12 February 2018 at 14:14, Scott Finlay <scott.finlay(a)sixt.com> wrote:
Hi,
We have the case that there can be multiple offline sessions for a
particular user. Is there a way to logout or invalid one particular offline
session/token? Using the OAuth endpoints we can easily logout the
normal session, but the offline tokens are still there. I can see that it
is
possible to invalidate ALL offline tokens for a particular user, but is
there
any way to invalidate just one particular one?
I saw this issue which was discussed a bit and reopened and then closed,
but it doesn't look like something was done: https://issues.jboss.org/
browse/KEYCLOAK-3375
Regards,
Scott
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2523
days inactive
2524
days old
1 comments
2 participants
participants (2)
-
Scott Finlay -
Stian Thorgersen