[keycloak-user] keycloak access token caching?

Jannik Hüls jannik.huels at googlemail.com
Fri Jun 24 04:08:37 EDT 2016


Hi,

I use the /auth/realms/{realm}/protocol/openid-connect/token endpoint to create a User Session. The Session is shown inside Keycloak and I get the access_token, refresh_token and id_token.
When I now call /auth/realms/{realm}/protocol/openid-connect/token/introspect, I get a valid response containing "active":"true" amongst others. I call it using the POST method, providing the client_id, client_secret and token parameters as data. The token parameter contains the access_token value.

I now log in to Keycloak administrator and log out the User. Now I again call the introspection endpoint but still get a response containing "active":"true". It seems that Keycloak is caching the User Session, and after some time I get "active":"false". Is it possible to disable caching and immediately get an introspection response that indicates that the User Session no longer exists?

Btw: The same happens when I call the /auth/realms/{realm}/protocol/openid-connect/logout?redirect_uri= endpoint. I provided the access_token in the header. The POST parameters are client_id, client_secret and refresh_token in this case.

I use the introspection endpoint in the different RPs I use to validate whether the access_token is revoked, in order to introduce single logout. Hence it would be nice to disable the caching to have less inconsistency.

Bests
Jannik
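
An RP-side version of the introspection call described in the message above, as an added example that is not part of the original post and is not Keycloak's own code. It introspects on every call with no cache on the RP side and treats anything other than a clean active response as revoked; the base URL, realm, client credentials and the `send` hook (used to run it without a server) are assumptions.

```python
import json
import urllib.parse
import urllib.request

INTROSPECT_PATH = "/auth/realms/{realm}/protocol/openid-connect/token/introspect"

def build_introspection_request(base_url, realm, client_id, client_secret, token):
    """Build the form-encoded POST with client_id, client_secret and token."""
    url = base_url.rstrip("/") + INTROSPECT_PATH.format(
        realm=urllib.parse.quote(realm, safe=""))
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret, "token": token}
    ).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def token_is_active(raw_body, status=200):
    """Fail closed: only HTTP 200 with a JSON object whose "active" is true passes."""
    if status != 200:
        return False
    try:
        doc = json.loads(raw_body)
    except (ValueError, TypeError):
        return False
    # RFC 7662 defines "active" as a JSON boolean, so other types are rejected.
    return isinstance(doc, dict) and doc.get("active") is True

def check_token(request, send=None, timeout=5):
    """Ask the server on every call; a transport error counts as 'not active'.

    `send` is a hypothetical hook taking the request and returning
    (status, body); when omitted, the request goes out over the network.
    """
    try:
        if send is not None:
            status, raw = send(request)
        else:
            with urllib.request.urlopen(request, timeout=timeout) as resp:
                status, raw = resp.status, resp.read()
    except OSError:  # URLError, HTTPError and socket timeouts are all OSError
        return False
    return token_is_active(raw, status)
```

Because the RP keeps no local copy of the result, any delay between a logout and an inactive answer comes only from the server side.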




