[keycloak-user] Offline token revocation via API
Marek Posolda
mposolda at redhat.com
Fri Jun 22 07:28:58 EDT 2018
Hi,
this is not yet supported. In future versions, we plan to have
Account-management based on Angular + REST API. This will allow us to
expose REST endpoints for various actions like revoking offline tokens, so
you will be able to do this then.
Until then, you may need to create your own REST provider (see the
keycloak-examples distribution and directory "providers"), which will
allow you to authenticate the user with his token and revoke the offline
token based on that.
Marek
On 21/06/18 19:57, Dmitriy Semiushkin wrote:
> Hello there!
>
> I’m trying to find a way to allow users to revoke their offline token via my web app (i.e. using keycloak’s API), without visiting keycloak’s page.
>
> I’ve tried using DELETE /auth/admin/realms/R/users/U/consents/C request, but it requires `manage-users` role which is kinda wide.
>
> I need a way to narrow this role to “allow user only revoke his tokens, not other users’ ones”.
>
> I’ve tried implementing this in a JavaScript Policy, but the Evaluation API has no information about the user I’m trying to manage, so I can’t compare the user id with the identity id to tell if this is the same user.
>
> Is there any way to implement this?
>
> Thanks in advance!
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
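
One way to write the custom REST provider suggested in the reply above, as an added example that is not code from this thread or from the Keycloak project. It assumes the Keycloak 4.x-era server classes `AppAuthManager`, `UserSessionManager` and the `RealmResourceProvider` SPI (server-internal APIs whose signatures change between versions); the provider id `self-revoke` and the class names are hypothetical. The endpoint takes no user id: the target user is always the subject of the validated bearer token, so a caller can only revoke their own offline tokens and `manage-users` is not needed.

```java
// Added example. Assumed: Keycloak 4.x server classes; verify signatures for your version.
// Register the factory in META-INF/services/org.keycloak.services.resource.RealmResourceProviderFactory
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import org.keycloak.Config;
import org.keycloak.models.*;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager.AuthResult;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resource.RealmResourceProviderFactory;

public class SelfRevokeResource implements RealmResourceProvider {
    private final KeycloakSession session;

    public SelfRevokeResource(KeycloakSession session) { this.session = session; }

    @Override public Object getResource() { return this; }
    @Override public void close() {}

    // DELETE /auth/realms/{realm}/self-revoke/clients/{clientId}
    // Authorization: Bearer <access token of the user revoking their own offline token>
    @DELETE
    @Path("clients/{clientId}")
    public Response revoke(@PathParam("clientId") String clientId) {
        RealmModel realm = session.getContext().getRealm();
        // Validates signature, expiry and realm of the bearer token; null if invalid.
        AuthResult auth = new AppAuthManager().authenticateBearerToken(session, realm);
        if (auth == null) throw new NotAuthorizedException("Bearer");
        ClientModel client = realm.getClientByClientId(clientId);
        if (client == null) throw new NotFoundException("unknown client");
        // The user comes from the token, never from the request, so there is
        // no way to name another user's sessions through this endpoint.
        new UserSessionManager(session).revokeOfflineToken(auth.getUser(), client);
        return Response.noContent().build();
    }
}

class SelfRevokeResourceFactory implements RealmResourceProviderFactory {
    @Override public String getId() { return "self-revoke"; } // hypothetical id, becomes the URL segment
    @Override public RealmResourceProvider create(KeycloakSession session) {
        return new SelfRevokeResource(session);
    }
    @Override public void init(Config.Scope config) {}
    @Override public void postInit(KeycloakSessionFactory factory) {}
    @Override public void close() {}
}
```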