Access Token - Technical Details for deleting and revoking

Memet Edemen

Jun 27, 2024, 2:50:54 AM
to Keycloak User
Hi,

Does someone know how Keycloak handles the Secure Deletion of access tokens in technical detail? I know how this flow works, but I would like to know the steps in detail with a description of the cryptographic functionality.
How is the deletion of access tokens realized?
I know about the Flow with tagging the access token and the Cleanup Process, but I need this information in detail.

A concrete link to a possibly existing documentation would be very helpful.

Thanks in advance
Memet

Björn Eickvonder

Jun 27, 2024, 8:29:05 PM
to Keycloak User

The AccessToken provided by Keycloak is a self-contained JWT token and as such I think it is not stored in any way in Keycloak. The token is valid as long as it is defined to be valid, there is no revocation possible.

Björn
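
An added example, not part of the thread and not Keycloak's code, of what "self-contained" means for the party checking the token: a resource server verifies the signature and `exp` locally and never asks the issuer whether the token still exists. HS256 with a constructed shared key, the function names and the sample claims are assumptions chosen to keep it standard-library only.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not a real realm secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes = KEY) -> str:
    """Issuer side: sign the claims and hand the token out. Nothing is stored."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify(token: str, now: int, key: bytes = KEY) -> dict:
    """Resource-server side: signature and exp only, no call back to the issuer."""
    try:
        header, payload, sig = token.split(".")
        head = json.loads(b64url_decode(header))
        given = b64url_decode(sig)
    except ValueError as exc:  # bad segment count, base64 or JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier; do not let the header choose it.
    if not isinstance(head, dict) or head.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def demo() -> list:
    issued_at = 1_719_450_000  # constructed timestamp
    token = issue({"sub": "alice", "iat": issued_at, "exp": issued_at + 300})
    results = []
    for offset in (0, 299, 300):  # just issued, last valid second, expired
        try:
            verify(token, issued_at + offset)
            results.append("valid")
        except ValueError as exc:
            results.append(str(exc))
    return results

if __name__ == "__main__":
    print(demo())
```

The only inputs to `verify` are the token, the key and the clock, which is why the token's lifetime is the control a purely local verifier enforces.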