Andrea Cosentino created CAMEL-23454:
----------------------------------------
Summary: camel-keycloak: Add token revocation and session logout
operations
Key: CAMEL-23454
URL: https://issues.apache.org/jira/browse/CAMEL-23454
Project: Camel
Issue Type: Improvement
Components: camel-keycloak
Reporter: Andrea Cosentino

The component already supports {{logoutUser}} (which invalidates all sessions
for a single user) and exposes session listing, but does not provide:
# Targeted token revocation (RFC 7009)
# Realm-wide session revocation
# Producer-side token introspection (introspection exists for the security
policy / token cache but cannot be invoked as a producer operation today)
h3. Proposed new KeycloakOperations
* {{revokeAccessToken}} — revoke a specific access token via the OAuth2
revocation endpoint
* {{revokeRefreshToken}} — revoke a refresh token
* {{logoutAllUsers}} — revoke all sessions in a realm
* {{pushNotBefore}} — set a {{notBefore}} policy to invalidate all tokens
issued before now
* {{introspectToken}} — RFC 7662 introspection as a producer operation (reusing
the existing {{KeycloakTokenIntrospector}})
h3. References
* Keycloak token endpoint: {{/realms/\{realm\}/protocol/openid-connect/revoke}}
* Logout-all: {{/admin/realms/\{realm\}/logout-all}}
* Push-not-before: {{/admin/realms/\{realm\}/push-revocation}}
* RFC 7009 (token revocation), RFC 7662 (token introspection)
h3. Acceptance criteria
* All five operations implemented in {{KeycloakProducer}}
* Reuses {{KeycloakTokenIntrospector}} for the introspect operation rather than
duplicating logic
* Integration tests verify revocation + push-not-before against testcontainers
Keycloak
* {{keycloak-component.adoc}} is updated with examples
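
Added example (not part of the issue and not camel-keycloak code): a sketch of the RFC 7009 revocation request against the revoke path listed under References, plus the check an integration test would make by introspecting the same token afterwards (RFC 7662). The host, realm, client credentials and all function names are assumptions for illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed placeholders (assumptions, not values from the issue).
BASE_URL = "https://keycloak.example.test"
REALM = "demo"
REVOKE_PATH = "/realms/{realm}/protocol/openid-connect/revoke"  # path from the issue


def build_revocation_request(token, hint, client_id, client_secret):
    """RFC 7009 section 2.1: client-authenticated, form-encoded POST."""
    if hint not in ("access_token", "refresh_token"):
        raise ValueError("token_type_hint must be access_token or refresh_token")
    # RFC 6749 section 2.3.1: form-encode the credentials before Basic encoding.
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    return {
        "method": "POST",
        "url": BASE_URL + REVOKE_PATH.format(realm=REALM),
        "headers": {
            "Authorization": "Basic " + base64.b64encode(creds).decode(),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({"token": token, "token_type_hint": hint}),
    }


def revocation_outcome(status, body):
    """RFC 7009 section 2.2: classify the revocation response."""
    if status == 200:
        # 200 is also returned for unknown or already-invalid tokens.
        return "revoked_or_unknown"
    if status == 400 and body.get("error") == "unsupported_token_type":
        return "unsupported_token_type"
    if status == 503:
        # The client must assume the token still exists and retry later.
        return "retry"
    return "error"


def revocation_confirmed(status, body, introspection):
    """True only if revocation returned 200 AND RFC 7662 introspection
    of the same token afterwards reports it inactive (fail closed)."""
    if revocation_outcome(status, body) != "revoked_or_unknown":
        return False
    # 'active' is the only required member; anything but False counts as live.
    return introspection.get("active") is False
```

Because a 200 from the revocation endpoint does not distinguish a revoked token from an unknown one, the follow-up introspection is what shows the token is no longer accepted.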