All Superinterfaces:: Provider

All Known Implementing Classes:: InfinispanRevokedTokenProvider, JpaRevokedTokenProvider

public interface RevokedTokenProvider extends Provider

Manages revoked tokens.

When a token is revoked (e.g. via logout or token revocation endpoint), its ID is stored so that subsequent validation attempts can reject it for the remainder of its natural lifespan. Expired entries are cleaned up automatically.

Obtain an instance via KeycloakSession.revokedTokens().

Method Summary

Modifier and Type

Method

Description

boolean

contains(String id)

Checks whether a token has been revoked.

boolean

put(String id, long lifespanSeconds)

Records a token as revoked.

Methods inherited from interface org.keycloak.provider.Provider
close

Method Details
- put
  
  boolean put(String id, long lifespanSeconds)
  
  Records a token as revoked.
  
  Parameters:
  
  id - the unique identifier of the token (typically its jti claim).
  
  lifespanSeconds - the remaining lifespan of the token in seconds. The revocation entry will be kept for at least this long to prevent the token from being accepted during its remaining validity.
  
  Returns:
  
  true if the token was newly revoked; false if it was already revoked.
- contains
  
  boolean contains(String id)
  
  Checks whether a token has been revoked.
  
  Parameters:
  
  id - the unique identifier of the token (typically its jti claim).
  
  Returns:
  
  true if the token is currently revoked; false otherwise.

Interface RevokedTokenProvider

Method Summary

Methods inherited from interface org.keycloak.provider.Provider

Method Details

put

contains