[keycloak-dev] OAuth2 revoke

Marek Posolda mposolda at redhat.com
Mon Sep 22 05:01:23 EDT 2014


In this config, you specified product-inventory to be a public OAuth 
client. In this case, you may delete this line:
https://github.com/corinnekrych/aerogear-backend-cookbook/blob/master/ProductInventory/configuration/testrealm.json#L42
because for public applications/oauth clients, you don't need a secret at all.

Also I think the exception with revocation is due to incorrect 
configuration of this application: 
https://github.com/corinnekrych/aerogear-backend-cookbook/blob/master/ProductInventory/configuration/testrealm.json#L64. 
Do you really have this application running and deployed on 
localhost:8081? If not, you can either delete this or update the 
configuration.

Also it might be good to update to Keycloak 1.0.1.Final as Stian added 
this fix: https://issues.jboss.org/browse/KEYCLOAK-682 which causes 
logout to be sent not to all applications, but just to those the user is 
really logged into.

Marek
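
The two configuration points raised in this reply, as an added example that is not part of the original message or of Keycloak: a small check over a realm JSON file that flags public clients still carrying a secret and clients whose adminUrl does not accept connections. The sample realm is constructed, and the field names (`applications`, `oauthClients`, `publicClient`, `secret`, `adminUrl`) are assumed to match the realm export layout.

```python
import json
import socket
from urllib.parse import urlsplit

# Constructed sample realm; field names are assumed to follow the
# Keycloak 1.0 realm JSON layout. Names and URLs are placeholders.
SAMPLE_REALM = json.loads("""
{
  "oauthClients": [
    {"name": "mobile-client", "publicClient": true, "secret": "not-needed"}
  ],
  "applications": [
    {"name": "backend-app", "adminUrl": "http://127.0.0.1:1/backend"}
  ]
}
""")

def port_open(url, timeout=1.0):
    """Return True if a TCP connection to the URL's host:port succeeds."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        with socket.create_connection((parts.hostname, port), timeout=timeout):
            return True
    except OSError:
        return False

def lint_realm(realm, probe=port_open):
    """Return (client_name, finding) tuples for the two issues in this thread."""
    findings = []
    clients = realm.get("applications", []) + realm.get("oauthClients", [])
    for client in clients:
        name = client.get("name", "<unnamed>")
        # A public client cannot keep a secret confidential, so a secret
        # in the realm file is unused configuration and can be removed.
        if client.get("publicClient") and client.get("secret"):
            findings.append((name, "public client has a secret"))
        # Per the thread, logout is called on the adminUrl; if nothing
        # listens there, the call fails with "connection refused".
        admin_url = client.get("adminUrl")
        if admin_url and not probe(admin_url):
            findings.append((name, "adminUrl unreachable: " + admin_url))
    return findings

if __name__ == "__main__":
    for name, finding in lint_realm(SAMPLE_REALM):
        print(name + ": " + finding)
```
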



On 22.9.2014 10:28, Corinne Krych wrote:
> Yep indeed I think it’s an error of configuration but not sure which one I should change. In my use case it’s an oauth2 client app. Where should I specify the URL redirect for logout?
> See my config file here:
> https://github.com/corinnekrych/aerogear-backend-cookbook/blob/master/ProductInventory/configuration/testrealm.json#L39
>
> Do I need to define a product-inventory app? Or is a simple oauth2 client enough?
>
> Best Regards,
> Corinne
> On 22 Sep 2014, at 09:44, Marek Posolda <mposolda at redhat.com> wrote:
>
>> Hi,
>>
>> there is exception in the log like:
>>
>> Caused by: org.apache.http.conn.HttpHostConnectException: Connection to http://localhost:8081 refused
>>
>> isn't it possible that adminURL for some of your applications is not configured correctly (like there is localhost:8081 instead of localhost:8080)?
>>
>> Btw. I've created JIRA https://issues.jboss.org/browse/KEYCLOAK-709 as currently it seems that if ResourceAdminManager.logoutUser wants to call logout to more applications (like app1 and app2) and logout to app1 fails, then RuntimeException is thrown and logout to app2 is not called at all, which doesn't seem to be correct behaviour to me.
>>
>> Marek
>>
>>
>> On 20.9.2014 17:48, Corinne Krych wrote:
>>> Hello
>>>
>>> Trying to implement AGIOS-206 [1] linked to [2], what I need is a revoke of all tokens (refresh and access token).
>>>
>>> I've tried ‘logout’ with a refresh token on this endpoint:
>>> http://docs.jboss.org/keycloak/docs/1.0.1.Final/rest-api/realms/%7Brealm%7D/tokens/logout/index.html#POST
>>> for a public client.
>>> I run the appliance 1.0-final distribution of Keycloak.
>>>
>>> But I run into this exception [3] after a timeout. Anything else I can try or should I just wait for revoke feature to be implemented in Keycloak?
>>>
>>> ++
>>> Corinne
>>>
>>> [1] https://issues.jboss.org/browse/AGIOS-206
>>> [2] https://issues.jboss.org/browse/KEYCLOAK-312
>>> [3] https://gist.github.com/corinnekrych/53bd73c4e047281a94f1