[keycloak-user] Is it possible to invalidate token in Spring Security Adapter
Pedro Igor Silva
psilva at redhat.com
Thu Jun 27 08:43:17 EDT 2019
Hi,
If you are using bearer tokens, the adapter only performs local validation
based on a specific set of claims and signature. If you need to revoke
tokens and propagate the revocation to your resource servers, you should
consider introspecting the token using the token introspection endpoint.
However, our adapters don't provide the support for choosing between
local/remote introspection. Local introspection and validation are enough
for most people but depending on your requirements/constraints you may want
to use the introspection endpoint.
Regards.
Pedro Igor
On Thu, Jun 27, 2019 at 8:51 AM Ondrej Scerba <Ondrej.Scerba at zoomint.com>
wrote:
> Hi,
>
> Is it possible to invalidate token in "offline validator" in Spring
> Security Adapater?
>
> Thanks,
> Ondrej
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list