[keycloak-user] Verify token thru javascript api

Stian Thorgersen sthorger at redhat.com
Tue Nov 24 15:38:48 EST 2015


The access token should have a short lifespan (min) and keycloak.js will
quickly refresh the token once a request is made. This is only an issue wif
amdin logs out, as if the user itself logs out it is detected by
keycloak.js even if the user logs out from a different app.

There's also a verify token endpoint that can be invoked to check if token
is valid without refreshing it. This will incur extra requests to the
server though, so be careful with this one if you have a lot of users.
There isn't support in keycloak.js for it, but would be relatively easy to
add and I'd happily accept a PR for it. The endpoint is
'/auth/realms/<realm>/protocols/openid-connect/validate?access_token=<access
token>' it will return the json of the token or 400 with a error
description if not valid.

On 24 November 2015 at 16:33, Jose Suero <josephsuero at gmail.com> wrote:

> How can I periodically check if the token is still active? if I manually
> logout users on the admin, what can I call from the browser to know that
> token is still acive
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151124/854f103b/attachment.html 


More information about the keycloak-user mailing list