[keycloak-dev] Idle timeout notification

Bill Burke bburke at redhat.com
Wed Jul 1 08:51:47 EDT 2015



On 7/1/2015 7:58 AM, Stan Silvert wrote:
> On 6/30/2015 6:31 PM, Bill Burke wrote:
>>
>> On 6/30/2015 6:26 PM, Bill Burke wrote:
>>> Again, you expect this to work?  If the "user" is a browser, there is no
>>> way to notify them other than the iframe + javascript trick that is
>>> provided by OpenID Connect and provided support for keycloak.js
>> Sorry, I mistyped:
>>
>> Again, *how* do you expect this to work?  If the "user" is a browser,
>> there is no way to notify them other than the iframe + javascript trick
>> that is provided by OpenID Connect and provided support for keycloak.js
>>
> At this point, I don't care that much about implementation details. I
> only care about what we will tell the customer about whether or not we
> will implement this feature.  Of course, part of the answer might depend
> on how cleanly it can be implemented.  But the larger question is just
> about whether it is something Keycloak should provide.
>
> Is this the kind of feature we ought to implement?  I can tell them
> "yes", "no", or "maybe".  But no matter which one we pick, I also need a
> rationale for the decision.

We need to have backchannel logout happen when the session expiration 
thread finds old sessions.  Also might be useful to break out the iframe 
OpenID trick into a smaller javascript library so that servlet apps can 
do it.

http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
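
Added example, not part of the message above and not code from Keycloak or keycloak.js: a Node.js sketch of the check behind the "iframe trick" in the linked OpenID Connect Session Management spec, following the spec's non-normative salted-hash construction for session_state. The function names, client id, origins and browser-state values are constructed for illustration, and it assumes the OP changes its browser-state value when the session ends.

```javascript
// Added illustration; not keycloak.js or Keycloak server code.
const crypto = require("crypto");

// OP side: the `session_state` value returned to the RP with the auth response.
// opBrowserState is the OP's browser-state cookie value; salt is random per response.
function computeSessionState(clientId, origin, opBrowserState, salt) {
  const hash = crypto.createHash("sha256")
    .update(`${clientId} ${origin} ${opBrowserState} ${salt}`)
    .digest("hex");
  return `${hash}.${salt}`;
}

// OP iframe: answer one postMessage from the RP iframe.
// message is "<client_id> <session_state>". origin must be event.origin as set
// by the browser, never a value taken from the message body.
function checkSession(message, origin, currentOpBrowserState) {
  if (typeof message !== "string") return "error";
  const parts = message.split(" ");
  if (parts.length !== 2) return "error";
  const [clientId, sessionState] = parts;
  const dot = sessionState.lastIndexOf(".");
  if (!clientId || dot <= 0 || dot === sessionState.length - 1) return "error";
  const salt = sessionState.slice(dot + 1);
  const expected = computeSessionState(clientId, origin, currentOpBrowserState, salt);
  const a = Buffer.from(expected), b = Buffer.from(sessionState);
  return a.length === b.length && crypto.timingSafeEqual(a, b) ? "unchanged" : "changed";
}

// RP side: what the polling loop does with the OP iframe's reply.
function onOpReply(reply) {
  if (reply === "unchanged") return "keep-session";
  if (reply === "changed") return "reauthenticate"; // spec: retry with prompt=none
  return "stop-polling"; // "error": malformed message, do not re-authenticate
}

// Constructed sample values: one live session, then the same session after expiry.
function demo() {
  const origin = "https://app.example.test";
  const ss = computeSessionState("demo-client", origin, "opbs-1", "c2FsdA");
  return {
    active: checkSession(`demo-client ${ss}`, origin, "opbs-1"),
    expired: checkSession(`demo-client ${ss}`, origin, "opbs-2"),
    wrongOrigin: checkSession(`demo-client ${ss}`, "https://other.example.test", "opbs-1"),
    malformed: checkSession("demo-client", origin, "opbs-1"),
  };
}
```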

