[keycloak-dev] Account management requirements for beta1

Stian Thorgersen stian at redhat.com
Wed Apr 30 12:17:47 EDT 2014


With regards to account management what additional requirements do we have for beta1?

Features I can think of to add now or in the future include:

* Manage refresh tokens - view applications and clients that have refresh tokens, and the ability to invalidate specific tokens
* Manage devices - view browsers and devices that have access (remember me cookie?), and the ability to invalidate specific cookies
* Manage devices that can bypass totp - it seems to be quite common that it's possible to not require asking for totp again for a specific device. I assume this is done by setting a cookie. If we enable this, it should be possible to view what devices have this option, as well as invalidate them
* Manage applications - view all applications, be able to navigate to an application, and the ability to invalidate access to a specific application
* Manage clients - view all clients and what grants they have, and the ability to revoke access to a specific client

I think listing client grants, invalidating specific client grants, and a logout everything option would be sufficient. The logout everything option would invalidate any refresh tokens, remember me cookies and 'skip' totp cookies, and do an sso-logout.
