[keycloak-user] Is it possible to invalidate token in Spring Security Adapter
Ondrej Scerba
Ondrej.Scerba at zoomint.com
Tue Jul 2 10:13:15 EDT 2019
Hi,
Is there any example available, how can be remote introspection implemented with Keycloak Spring Security Adapter?
Thanks,
Ondrej
From: Pedro Igor Silva <psilva at redhat.com>
Sent: Thursday, June 27, 2019 14:43
To: Ondrej Scerba <Ondrej.Scerba at zoomint.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Is it possible to invalidate token in Spring Security Adapter
Hi,
If you are using bearer tokens, the adapter only performs local validation based on a specific set of claims and signature. If you need to revoke tokens and propagate the revocation to your resource servers, you should consider introspecting the token using the token introspection endpoint.
However, our adapters don't provide the support for choosing between local/remote introspection. Local introspection and validation are enough for most people but depending on your requirements/constraints you may want to use the introspection endpoint.
Regards.
Pedro Igor
On Thu, Jun 27, 2019 at 8:51 AM Ondrej Scerba <Ondrej.Scerba at zoomint.com<mailto:Ondrej.Scerba at zoomint.com>> wrote:
Hi,
Is it possible to invalidate token in "offline validator" in Spring Security Adapater?
Thanks,
Ondrej
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list