[keycloak-user] keycloak access token caching?
Jannik Hüls
jannik.huels at googlemail.com
Fri Jun 24 04:08:37 EDT 2016
Hi,
I use the /auth/realms/{realm}/protocol/openid-connect/token endpoint to create a User Session. The Session is shown inside Keycloak and I get the access_token, refresh_token and id_token.
When I now call the /auth/realms/{realm}/protocol/openid-connect/token/introspect I get a valid response containing "active":"true" amongst others. I call it using the POST method and providing client_id, client_secret and token parameter as data. The token parameter contains the access_token value.
I now log in to Keycloak administrator and log out the User. Now I again call the introspection endpoint but still get a response containing "active":"true". It seems that Keycloak is caching the User Session and after some time I get "active":"false". Would I be able to disable caching and immediately get an introspection response that indicates that the User Session no longer exists?
Btw.: The same happens when I call the /auth/realms/{realm}/protocol/openid-connect/logout?redirect_uri= endpoint. I provided the access_token in the header. POST parameters are client_id, client_secret and refresh_token in this case.
I use the introspection endpoint in the different RPs I use to validate whether the access_token is revoked in order to introduce single logout. Hence it would be nice to disable the caching to have less inconsistency.
Bests
Jannik
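
The RP-side introspection check described in the message, as an added example that is not part of the original post and not Keycloak's own code. The base URL, realm, client credentials and the `send` transport are assumptions, and the check fails closed, accepting only the JSON boolean `true` that RFC 7662 specifies for `active`.

```python
import json
import urllib.parse
import urllib.request

# Path as given in the post; base URL, realm and credentials are placeholders.
INTROSPECT_PATH = "/auth/realms/{realm}/protocol/openid-connect/token/introspect"


def build_introspection_request(base_url, realm, client_id, client_secret, token):
    """Build the POST from the post: client_id, client_secret, token as form data."""
    url = base_url.rstrip("/") + INTROSPECT_PATH.format(
        realm=urllib.parse.quote(realm, safe=""))
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret, "token": token}
    ).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def token_is_active(status, raw_body):
    """Fail closed: only HTTP 200 with a JSON object whose "active" is boolean true."""
    if status != 200:
        return False
    try:
        doc = json.loads(raw_body)
    except (ValueError, TypeError):
        return False  # HTML error page, truncated body, wrong type
    return isinstance(doc, dict) and doc.get("active") is True


def check_token(send, base_url, realm, client_id, client_secret, token):
    """`send` is a hypothetical transport: Request -> (status, body bytes)."""
    req = build_introspection_request(base_url, realm, client_id, client_secret, token)
    try:
        status, raw = send(req)
    except OSError:
        return False  # unreachable server or HTTP error counts as "not active"
    return token_is_active(status, raw)


def urllib_send(req, timeout=5):
    """Real transport over urllib; the constructed samples do not use it."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read()
```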