I login to keycloak and then change my password but my access token and refresh token still worked
all sessions for that user should be logout .
I believe you would need to implement an EventListener that invalidates the sessions of the user on receipt of a password change event.
has anyone done something along those lines already.
Not exactly the same, but the same approach:
1 Like
this link does’nt work. Has anyone achieved this yet?
Did someone can answer this please ?
The flow is very simple at the end of user reset password user should be redirect to login page and need to connect not to be connected