[keycloak-dev] Revocation of access_token
Stian Thorgersen
stian at redhat.com
Mon Jun 16 05:22:23 EDT 2014
You can't revoke individual tokens or refresh tokens, but all tokens (and cookies) are linked to a user session which can be revoked.
To logout the current session (uses cookie):
https://server/realms/application/tokens/logout
To logout a specific session (you can get the session state from token:
https://server/realms/application/tokens/logout?session_state=<SESSION>
You can also logout sessions from the account management, or through the admin console.
----- Original Message -----
> From: "Christos Vasilakis" <cvasilak at gmail.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 16 June, 2014 10:04:30 AM
> Subject: [keycloak-dev] Revocation of access_token
>
> Hi all,
>
> is there any way a user that holds an ‘access_token’ to manually revoke it
> by posting to a particular URL?
>
> 'curl "https://server/realms/application/tokens/revoke?token=<token>'
>
> Sorry if i am missing sth would be glad if you point me to the right
> direction.
>
> Regards,
> Christos
>
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list