[keycloak-user] OAuth
Stian Thorgersen
stian at redhat.com
Thu May 7 01:39:38 EDT 2015
We don't currently have support for that rfc. However, we have other mechanisms to expire tokens. All tokens are linked to a user session, once the session is logged out all associated tokens are invalid as well. You can also push a not-before for a realm or a specific client to invalidate all tokens prior to a given date.
----- Original Message -----
> From: "Fadi Abdin" <fadiabdeen at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> Sent: Monday, May 4, 2015 1:30:42 PM
> Subject: Re: [keycloak-user] OAuth
>
> I basically want to force expire a token , or invalidate a token .
> https://tools.ietf.org/html/rfc7009
>
>
>
> On Mon, May 4, 2015 at 1:09 AM, Stian Thorgersen <stian at redhat.com> wrote:
>
> >
> >
> > ----- Original Message -----
> > > From: "Fadi Abdin" <fadiabdeen at gmail.com>
> > > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > Sent: Thursday, April 30, 2015 6:48:47 PM
> > > Subject: [keycloak-user] OAuth
> > >
> > > I just created a simple javascript app to test my oauth keycloak
> > connections
> > > and implemented the calls to do the basic things ( except revoke the
> > token)
> > > .
> > >
> > > My code is on github https://github.com/fadiabdeen/keycloak-oauth
> > >
> > > I was able to get a authorization code.
> > > get a token
> > > refresh the token
> > > get the user information though validate
> > > logout ( which only clears the session
> > >
> > > I cant figure out how to revoke my access_token .. if anybody can help
> > with
> > > this then its great.
> >
> > Not sure what you mean about revoking the access token. Can you elaborate?
> >
> > >
> > > Thanks
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
More information about the keycloak-user
mailing list