Trying different options in logout. The real ask is to revoke the access token and refresh token.
- Authenticate a user in keycloak - get access_token, expiry, refresh_token, expiry, type…
- After use of the tokens (sessions), want to revoke the access_token and refresh_token
- Have not persisted the refresh_token in the database
- Tried the UserResource.logout API - returns 403 Forbidden
- Tried the HTTP Java implementation to logout - it asks for refresh_token
- If I give the refresh token manually - logout succeeds - session in Admin console shows 0
Is there a way to get the refresh_token from the access_token, so that it can be passed to the logout endpoint as form encoded attribute?
Any help much appreciated.