[keycloak-dev] Handle case when KC fails to send logout message to some application - KEYCLOAK 782
kontakt at michalchoinski.pl
Thu Apr 16 05:34:52 EDT 2015
I'm a potential GSOC student dreaming of working on "Keycloak -
Certificate Management" project. I spent last few days analysing the
code, debuging and looking how it really works on the inside.
I'd like to fix a bug which I've chosen from Jira. The issue number is
In OAuth 2.0 specification (RFC6749) I found the following parameters
(within item 22.214.171.124. Error Response) :
The authorization server encountered an unexpected
condition that prevented it from fulfilling the request.
(This error code is needed because a 500 Internal Server
Error HTTP status code cannot be returned to the client
via an HTTP redirect.)
OPTIONAL. Human-readable ASCII [USASCII] text providing
additional information, used to assist the client developer in
understanding the error that occurred.
Values for the "error_description" parameter MUST NOT include
characters outside the set %x20-21 / %x23-5B / %x5D-7E.
So the uri after logout would look like this:
The error_description could be either human readable description or just
an error code. It should be processed on client side. Keycloak.js should
be changed to handle it.
These params should be added to OIDCLoginProtocol and of course to
response when such an error occur.
In first loop iterating on userSessions placed in
AuthenticationManager.browserLogout there should be saving error when
backend logout fails. It could be done by adding a note to userSession
and getting it in finishLogout (first, of course, checking if it exists).
What do you think about the above mentioned solution?
More information about the keycloak-dev