12:57 p.m.
Hello there!
I’m trying to find a way to allow user revoking their offline token via my web app (i.e.
using keycloak’s API), not visiting keycloak’s page.
I’ve tried using DELETE /auth/admin/realms/R/users/U/consents/C request, but it requires
`manage-users` role which is kinda wide.
I need a way to narrow this role to “allow user only revoke his tokens, not other users’
ones”.
I’ve tried implementing this in JavaScript Policy, but Evalution API have no information
about user I’m trying to manage, so I can’t compare user id with identity id to tell if
this is the same user.
Is there any way to implement this?
Thanks in advance!
6:28 a.m.
Hi,
this is not yet supported. In future versions, we plan to have
Account-management based on Angular + REST API. This will allow to
expose REST endpoints for various actions like revoke offline tokens, so
you will be able to do this then.
Until that, you may need to create your own REST provider (See
keycloak-examples distribution and directory "providers"), which will
allow to authenticate user with his token and revoke offline token based
on that.
Marek
On 21/06/18 19:57, Dmitriy Semiushkin wrote:
Hello there!
I’m trying to find a way to allow user revoking their offline token via my web app (i.e.
using keycloak’s API), not visiting keycloak’s page.
I’ve tried using DELETE /auth/admin/realms/R/users/U/consents/C request, but it requires
`manage-users` role which is kinda wide.
I need a way to narrow this role to “allow user only revoke his tokens, not other users’
ones”.
I’ve tried implementing this in JavaScript Policy, but Evalution API have no information
about user I’m trying to manage, so I can’t compare user id with identity id to tell if
this is the same user.
Is there any way to implement this?
Thanks in advance!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2393
days inactive
2394
days old
2 comments
2 participants
participants (2)
-
Dmitriy Semiushkin -
Marek Posolda