When I click login to my web app it redirects me to the Keycloak page to log in. After that, the Keycloak page redirects me to my app with an access_token and refresh_token. If the access_token expired it silently refreshes itself with the refresh token.
The problem is if I went to the Keycloak page to sign out, the access_token keeps working infinitely and doesn’t expire. How to prevent using tokens when the session terminated.
I use SpringBoot for the back-end and Angular for the front-end with angular-oauth2-oidc.