VSN-2933/ feat(auth): Keycloak session revocation on email change + session validation endpoint (!330) · Requêtes de fusion · adanev / vsn / vsn-user-service · GitLab

fatima senan a demandé de fusionner feature/VSN-2933 vers develop juin 03, 2026

After an email change from the back-office, the user's JWT remained valid until natural expiration

Changes

Keycloak session revocation

After each email update in Keycloak, active sessions are revoked via authServiceImpl.getUserResourceFromKeycloak(userRep.getId()).logout()

Session validation endpoint

SessionValidationController — GET /api/user/internal/validate-session

Public endpoint (already covered by permitAll() on /api/user/**)
Fail open: if Keycloak is unreachable, the request is allowed through