[ 
https://issues.apache.org/jira/browse/CAMEL-23454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrea Cosentino updated CAMEL-23454:
-------------------------------------
    Fix Version/s: 4.21.0

> camel-keycloak: Add token revocation and session logout operations
> ------------------------------------------------------------------
>
>                 Key: CAMEL-23454
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23454
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-keycloak
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.21.0
>
>
> The component already supports {{logoutUser}} (which invalidates all sessions 
> for a single user) and exposes session listing, but does not provide:
> # Targeted token revocation (RFC 7009)
> # Realm-wide session revocation
> # Producer-side token introspection (introspection exists for the security 
> policy / token cache but cannot be invoked as a producer operation today)
> h3. Proposed new KeycloakOperations
> * {{revokeAccessToken}} — revoke a specific access token via the OAuth2 
> revocation endpoint
> * {{revokeRefreshToken}} — revoke a refresh token
> * {{logoutAllUsers}} — revoke all sessions in a realm
> * {{pushNotBefore}} — set a {{notBefore}} policy to invalidate all tokens 
> issued before now
> * {{introspectToken}} — RFC 7662 introspection as a producer operation 
> (reusing the existing {{KeycloakTokenIntrospector}})
> h3. References
> * Keycloak token endpoint: 
> {{/realms/\{realm\}/protocol/openid-connect/revoke}}
> * Logout-all: {{/admin/realms/\{realm\}/logout-all}}
> * Push-not-before: {{/admin/realms/\{realm\}/push-revocation}}
> * RFC 7009 (token revocation), RFC 7662 (token introspection)
> h3. Acceptance criteria
> * All five operations implemented in {{KeycloakProducer}}
> * Reuses {{KeycloakTokenIntrospector}} for the introspect operation rather 
> than duplicating logic
> * Integration tests verify revocation + push-not-before against 
> testcontainers Keycloak
> * {{keycloak-component.adoc}} is updated with examples



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
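
The targeted-revocation call the issue asks for, shown at the HTTP level as an added example (not code from the issue or from camel-keycloak; the proposed `revokeAccessToken` / `revokeRefreshToken` operations are not used because the issue only proposes them). The class name, host, realm, client and token values are constructed assumptions; the endpoint path is the one listed under References.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Builds (does not send) an RFC 7009 revocation request for the Keycloak revoke endpoint. */
public class RevocationRequestExample {

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    /** hint is "access_token" or "refresh_token" (RFC 7009 token_type_hint). */
    static HttpRequest revoke(String baseUrl, String realm, String clientId,
                              String clientSecret, String token, String hint) {
        if (!hint.equals("access_token") && !hint.equals("refresh_token")) {
            throw new IllegalArgumentException("unsupported token_type_hint: " + hint);
        }
        // Endpoint path as listed in the issue; the realm is a path segment, so encode it.
        URI uri = URI.create(baseUrl + "/realms/" + enc(realm).replace("+", "%20")
                + "/protocol/openid-connect/revoke");
        // Confidential-client authentication via HTTP Basic (RFC 6749, section 2.3.1).
        String basic = Base64.getEncoder().encodeToString(
                (enc(clientId) + ":" + enc(clientSecret)).getBytes(StandardCharsets.UTF_8));
        // The token travels in the form body, never in the URL, so it stays out of access logs.
        String body = "token=" + enc(token) + "&token_type_hint=" + hint;
        return HttpRequest.newBuilder(uri)
                .header("Authorization", "Basic " + basic)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample values; none of them come from the issue.
        HttpRequest req = revoke("https://keycloak.example.test", "demo",
                "camel-client", "s3cr3t/+", "constructed.refresh.token", "refresh_token");
        System.out.println(req.method() + " " + req.uri());
        System.out.println(req.headers().map().keySet());
        // RFC 7009, section 2.2: the server answers 200 even for a token it does not
        // recognise, so a 200 alone does not prove the token was live. Confirm with
        // RFC 7662 introspection that the response now carries "active": false.
    }
}
```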
