[keycloak-user] Admin API: Deleting an offline session

Eivind Larsen eivind at jotta.no
Wed Jun 20 09:31:10 EDT 2018


Hi Keycloak Users

In the admin API there is a call to delete a session by ID:

DELETE /{realm}/sessions/{session}

This works for user (online) sessions, but when given the session ID of an
offline session, it gives 404 error and nothing is deleted.

Seeing as this is the only way to delete a given sessionId, I would expect
the call to also delete offline sessions.

1. Is there a way to delete an offline session by id?

2. I think it would be more useful if this call was scoped per user.
Currently you have to load all user sessions, verify that this session ID
is indeed owned by the user, then call delete. Scoping per user would make
it impossible to delete a wrong user's session, and it would reduce
requests to the keycloak instance significantly.

Best Regards,
Eivind Larsen


More information about the keycloak-user mailing list