Access & Refresh Token Lifecycle in Keycloak: Storage, Invalidation, and Security


Pooja Kose

Apr 10, 2025, 2:15:08 AM
to Keycloak User
Hi Team,

Could you explain how Keycloak generates and manages access tokens and refresh tokens during the login and logout process?

Specifically, I’d like to understand how these tokens are created, where and how they are stored internally in Keycloak’s database, and how they are invalidated or removed during user logout. Also, what are the best practices for securely storing and handling these tokens on both the server and client side?

Thanks,
Pooja