Revoking Token in Keycloak #15
Comments
Hi @AdigaAkhil, I believe I got it partially. The introspect endpoint is returning 403 and the revoke is working. I've used the app of this repo.
Get JWT token
Response
Set refresh_token to TOKEN env var
Call introspect endpoint using TOKEN
Response
Probably, there is some config we need to set for the client.
Call revoke endpoint using TOKEN
Response
Hi @AdigaAkhil, any feedback from your side on this issue? Thanks!
Closing issue as no feedback was provided.
Sorry @ivangfr, I was out on vacation. Thank you for the response. I'll look into it and let you know.
Hello @ivangfr,
Firstly, great project! Loved it. It covers everything from the backend and front end.
However, I had some queries regarding Keycloak in your project.
As far as I have researched, the only API to revoke a token is the /revoke API, which looks like this:
http://localhost:8080/realms/<realm-name>/protocol/openid-connect/revoke
Along with this URL we will also be using clientId, client-secret, token_type and the actual token we want to revoke.
My query is, if we use the PKCE approach there is no client-secret, so how do we revoke the token since the client secret is not optional?
The same query applies for the introspect endpoint as well:
http://localhost:8080/realms/<realm-name>/protocol/openid-connect/token/introspect
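Added example, not part of the thread or of the project's code: how the two requests discussed above differ between a public (PKCE) client, which has no secret and identifies itself with `client_id` in the form body, and a confidential client, which authenticates with HTTP Basic. The realm name, client ids, token and the `build_request` helper are constructed for illustration; `token_type_hint` is the RFC 7009 parameter name, and whether the server accepts a public client on each endpoint depends on its client configuration.

```python
import base64
from urllib.parse import quote, urlencode
from urllib.request import Request

# Constructed placeholder realm; substitute the real realm name.
BASE = "http://localhost:8080/realms/example-realm/protocol/openid-connect"
ENDPOINTS = ("revoke", "token/introspect")


def build_request(endpoint, token, client_id, client_secret=None,
                  hint="refresh_token"):
    """Build (but do not send) a POST to the revoke or introspect endpoint.

    Public clients (PKCE, no secret) send client_id in the form body.
    Confidential clients send an HTTP Basic Authorization header instead.
    """
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unexpected endpoint: {endpoint!r}")
    form = {"token": token, "token_type_hint": hint}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        # Public client: identification only, no authentication.
        form["client_id"] = client_id
    else:
        # Confidential client: id and secret are URL-encoded, then Base64'd.
        creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = (
            "Basic " + base64.b64encode(creds.encode()).decode()
        )
    return Request(f"{BASE}/{endpoint}", data=urlencode(form).encode(),
                   headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values, printed for inspection only.
    for req in (build_request("revoke", "sample-refresh-token", "public-spa"),
                build_request("token/introspect", "sample-refresh-token",
                              "backend-service", "sample-secret")):
        print(req.get_method(), req.full_url)
        print("  headers:", dict(req.header_items()))
        print("  body:   ", req.data.decode())
```

Passing the returned object to `urllib.request.urlopen` sends it; a 403 from the introspect endpoint, as reported in the thread, surfaces as `urllib.error.HTTPError`.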