Logout all session when password change

I login to keycloak and then change my password but my access token and refresh token still worked
all sessions for that user should be logout .

I believe you would need to implement an EventListener that invalidates the sessions of the user on receipt of a password change event.

has anyone done something along those lines already.

Not exactly the same, but the same approach:

1 Like