[keycloak-user] Revoking an OAuth Token

Stian Thorgersen sthorger at redhat.com
Tue Mar 7 03:15:08 EST 2017


You can revoke the session, but not individual tokens. I doubt we'd add
revocation for individual tokens as that would require much more state
maintained on the server side.

On 6 March 2017 at 18:05, Jason B <jason at naidmincloud.com> wrote:

> Hi,
>
> I am wondering how can we revoke an issued OAuth access token/refresh token
> in Keycloak ? What is the request will look like and what is the end point
> we need to invoke?
>
> Also, I see there is a RFC for OAuth token revocation (
> https://tools.ietf.org/html/rfc7009) process, but I am assuming this is
> not
> yet implemented in Keycloak. Are there any plans for implementing this RFC
> in future? Please let me know.
>
> Thanks!
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list