2:22 p.m.
Hello,Is there a way to revoke/invalidate a refresh token issued to a specific user? My
understanding is that I can revoke all of the previously issued refresh tokens using
'Revocation' and setting Not Before to Now; this is good but it would be great if
I can revoke individual tokens as well.Thx--Peter
2:46 p.m.
Yes you can. IN the admin console, go to the individual user and go to
the sessions tab. You can then view each session the user has. This
action has a REST api behind it.
http://keycloak.github.io/docs/rest-api/index.html
REST api allows you to get list of sessions for the user, logout all
sessions for the user, and to remove an individual session.
On 6/7/16 3:22 PM, Peter Nalyvayko wrote:
Hello,
Is there a way to revoke/invalidate a refresh token issued to a
specific user? My understanding is that I can revoke all of the
previously issued refresh tokens using 'Revocation' and setting Not
Before to Now; this is good but it would be great if I can revoke
individual tokens as well.
Thx
--Peter
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3110
days inactive
3110
days old
1 comments
2 participants
participants (2)
-
Bill Burke -
Peter Nalyvayko