[keycloak-dev] Additional things to consider for 1.0.final
Bill Burke
bburke at redhat.com
Thu Jul 17 09:33:28 EDT 2014
On 7/17/2014 9:25 AM, Bruno Oliveira wrote:
> Good morning Stian,
>
> Is the revocation of the refresh token[1][2] also planned?
>
> [1] - http://lists.jboss.org/pipermail/keycloak-dev/2014-June/001950.html
> [2] - http://tools.ietf.org/html/rfc7009
>
This is what you currently can do:
1. You can set up a notBefore policy realm-wide. This will invalidate
all refresh tokens realm-wide.
2. You can invalidate a user session which invalidates all refresh
tokens created under that session.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
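
The two options listed in the message above, as an added example that is not part of the original post and is not Keycloak's own code: a simplified model of a refresh endpoint that rejects a token when it was issued before the realm's notBefore cutoff or when its user session is no longer active. The `Realm` and `RefreshToken` classes, their methods, and all sample users and timestamps are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RefreshToken:              # constructed stand-in for a refresh token's claims
    user: str
    session_id: str              # ties the token to one user session
    issued_at: int               # seconds, like a JWT "iat" claim

@dataclass
class Realm:                     # hypothetical model, not the Keycloak API
    not_before: int = 0          # realm-wide cutoff; 0 means no policy set
    sessions: dict = field(default_factory=dict)   # session_id -> user
    counter: int = 0

    def login(self, user, now):
        self.counter += 1
        sid = f"sess-{self.counter}"
        self.sessions[sid] = user
        return RefreshToken(user, sid, now)

    def push_not_before(self, now):
        # Option 1: every token issued before `now` becomes unusable.
        self.not_before = now

    def invalidate_session(self, session_id):
        # Option 2: only tokens created under this session become unusable.
        self.sessions.pop(session_id, None)

    def refresh(self, token, now):
        if token.issued_at < self.not_before:
            return None, "rejected: issued before realm notBefore"
        if self.sessions.get(token.session_id) != token.user:
            return None, "rejected: session not active"
        return RefreshToken(token.user, token.session_id, now), "ok"

def demo():
    realm, out = Realm(), {}
    alice = realm.login("alice", now=100)
    bob = realm.login("bob", now=110)
    out["alice_initial"] = realm.refresh(alice, 120)[1]
    realm.invalidate_session(alice.session_id)       # scoped to one session
    out["alice_after_session_kill"] = realm.refresh(alice, 130)[1]
    out["bob_after_session_kill"] = realm.refresh(bob, 130)[1]
    realm.push_not_before(now=200)                   # scoped to the whole realm
    out["bob_after_not_before"] = realm.refresh(bob, 210)[1]
    carol = realm.login("carol", now=220)            # new logins are unaffected
    out["carol_new_login"] = realm.refresh(carol, 230)[1]
    return out

if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```
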