I have set up the Direct Grant flow to authenticate users. I am using the following endpoint
http://localhost:8080/realms/GT/protocol/openid-connect/token
to get a token then configured my ASP. NET server to authenticate the users on my server. I authenticate the users using the access_token and the AddJwtBearer method to authenticate users.
My question:
What is the correct way to check if a user is still logged in to Keycloak?
I have knowledge regartding the following endpoint to see if a particular user is still logged into keycloak:
http://localhost:8080/admin/realms/GT/users/efd279e9-573c-4a00-a462-f8d7664c934e/sessions
However, this will require me to make a call to this endpoint for each server endpoint which becomes expensive. Thus, is there another method which can be used?
Note: I have notcied that when I sign the user out of keycloak manually(using the KC console) then the access_token is still valid and the user can still access the server’s resources which is not desirable.