Using keycloak to revoke jupyter access token

Focus on using keycloak as the authenticator for jupyterhub. Issue is related to revocation of all access tokens.

I am working to identify the proper admin url for allowing keycloak to revoke all access tokens in Jupyter. I have jupyterhub running in kubernetes along with the keycloak instance in its own container. I am able to log into jupyterhub through the oauth2 via keyclock. Everything works well and I am returned to jupyterhub after the login. When I attempt to revoke all access tokens (keycloak → sessions → revokation ), I select “Set to now” and then Push. I get the error back that “Error! Failed to push notBefore to: http://<host>/. Verify availability of failed hosts and try again.” My belief is the url being used for the admin url is not correct. This will allow the auth server to send revokations to jupyterhub.

I tried http://<host>/hub/token as that is documented with " On this page, users can manage their JupyterHub API tokens. They can revoke access and request new tokens for writing scripts against the JupyterHub REST API." found at JupyterHub URL scheme — JupyterHub 2.3.1 documentation

I also tried http://<host>/hub/admin, and http:///hub/api

There is a REST API for http://<host>/users/{name}/tokens/{token_id} but I am unsure how to use this since the path is based on the user so I have not tried this.

I think the only one documented with being associated to revocation of access tokens is the /hub/token url.