[keycloak-dev] logout for keycloak.js

Bill Burke bburke at redhat.com
Thu Mar 27 13:01:22 EDT 2014


It is mitigated somewhat as when a logout happens I set a 
UserModel.notBefore setting.  So refresh tokens will be invalidated. 
But there is a window between when the logout occurs and when the access 
token expires.

On 3/27/2014 12:53 PM, Stian Thorgersen wrote:
> Single-Sign Out is also an issue with other types of "public" clients such as mobile apps, and oauth clients.
>
> I'll have a look once I get the first round of audit work completed.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 27 March, 2014 4:36:02 PM
>> Subject: [keycloak-dev] logout for keycloak.js
>>
>> This may be useful:
>>
>> http://openid.net/specs/openid-connect-session-1_0.html
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
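
The window described in the message above, as an added example that is not part of the original thread and is not Keycloak code: a constructed model in which logout records a per-user notBefore time, the token endpoint rejects refresh tokens issued before it, and a resource server that only checks expiry keeps accepting the access token until it expires. The function names, the token fields (`iat`, `exp`) and the exact comparison are assumptions made for illustration.

```javascript
// Added illustration, not Keycloak code. All times are seconds since epoch.
// Assumption: tokens carry iat/exp and the server stores one notBefore per user.
const users = new Map(); // username -> { notBefore }

// Login: issue an access token (short-lived) and a refresh token (long-lived).
function issueTokens(user, now, accessTtl, refreshTtl) {
  if (!users.has(user)) users.set(user, { notBefore: 0 });
  return {
    access: { sub: user, iat: now, exp: now + accessTtl },
    refresh: { sub: user, iat: now, exp: now + refreshTtl },
  };
}

// Logout: remember when it happened so older tokens can be refused.
function logout(user, now) {
  users.set(user, { notBefore: now });
}

// Token endpoint: it can read the user record, so it enforces notBefore.
function refreshAllowed(refresh, now) {
  const user = users.get(refresh.sub);
  if (!user || now >= refresh.exp) return false;
  return refresh.iat >= user.notBefore; // issued before logout -> rejected
}

// Resource server validating a bearer token locally: it has no view of
// notBefore in this model, only the token's own expiry.
function accessAcceptedOffline(access, now) {
  return now < access.exp;
}

// Seconds during which an already-issued access token still works after logout.
function exposureWindow(access, logoutTime) {
  return Math.max(0, access.exp - logoutTime);
}

// Constructed timeline: login at t=1000, logout at t=1060, 300 s access token.
const session = issueTokens("alice", 1000, 300, 1800);
logout("alice", 1060);
console.log("refresh after logout:", refreshAllowed(session.refresh, 1061));
console.log("access after logout:", accessAcceptedOffline(session.access, 1061));
console.log("window (s):", exposureWindow(session.access, 1060));
```

In this model the exposure is bounded by the access token lifespan, so a shorter lifespan narrows the window at the cost of more frequent refreshes.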

