[keycloak-dev] Refresh tokens

Stian Thorgersen stian at redhat.com
Thu Feb 20 07:49:20 EST 2014

With regards to refresh tokens it would be nice to add support for users to be able to manage applications at the same time.


Account management should have a page that lists all applications and clients that have access to a users account. This would be a list of applications and clients that have been given a refresh token (and where the refresh token hasn't expired). For clients it should also list the scope that was granted (probably doesn't make sense to list this for applications).

Users should be able to revoke access to an individual application or client. This would result in the refresh token being invalidated so the application or client wouldn't be able to retrieve a new token.

More information about the keycloak-dev mailing list