[keycloak-user] Offline token revocation via API

Dmitriy Semiushkin dmitriy.semiushkin at pleeco.com
Thu Jun 21 13:57:37 EDT 2018


Hello there!

I’m trying to find a way to allow users to revoke their offline token via my web app (i.e. using Keycloak’s API), without visiting Keycloak’s page.

I’ve tried using a DELETE /auth/admin/realms/R/users/U/consents/C request, but it requires the `manage-users` role, which is kinda wide.

I need a way to narrow this role to “allow a user to revoke only his tokens, not other users’ ones”.

I’ve tried implementing this in a JavaScript Policy, but the Evaluation API has no information about the user I’m trying to manage, so I can’t compare the user id with the identity id to tell if this is the same user.

Is there any way to implement this? 

Thanks in advance!

