[keycloak-dev] Idle timeout notification

Bill Burke bburke at redhat.com
Thu Jul 2 07:02:54 EDT 2015


Ya, then it's just a periodic javascript call to the validate token endpoint.

On 7/2/2015 6:56 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 2 July, 2015 12:54:04 PM
>> Subject: Re: [keycloak-dev] Idle timeout notification
>>
>> I thought we already had the ability in the javascript adapter to check
>> for logout via the iframe trick?  Your demo at Devnation showed this.
>
> Yes, but it only works for a manual logout where the session cookie is invalidated. If the user is remotely logged out or the session times out, there's no update.
>
>>
>> On 7/2/2015 3:23 AM, Stian Thorgersen wrote:
>>> Having this baked in is a nice to have, but hard to implement and we have
>>> higher priorities.
>>>
>>> Create a JIRA for it.
>>>
>>> In the meantime, depending on the load the customer has they can also
>>> implement this functionality on their end by using short access token
>>> lifespans and making the js adapter refresh the token with a background
>>> timer. If the js adapter fails to refresh the token it should tell the
>>> user it has been logged-out. Something like:
>>>
>>>       // Every 30 s, refresh the token if it expires within 10 s.
>>>       window.setInterval(function() {
>>>           keycloak.updateToken(10).error(function() {
>>>               alert('user logged-out');
>>>           });
>>>       }, 30000);
>>>
>>> ----- Original Message -----
>>>> From: "Bill Burke" <bburke at redhat.com>
>>>> To: keycloak-dev at lists.jboss.org
>>>> Sent: Wednesday, 1 July, 2015 2:51:47 PM
>>>> Subject: Re: [keycloak-dev] Idle timeout notification
>>>>
>>>>
>>>>
>>>> On 7/1/2015 7:58 AM, Stan Silvert wrote:
>>>>> On 6/30/2015 6:31 PM, Bill Burke wrote:
>>>>>>
>>>>>> On 6/30/2015 6:26 PM, Bill Burke wrote:
>>>>>>> Again, you expect this to work?  If the "user" is a browser, there is
>>>>>>> no way to notify them other than the iframe + javascript trick that is
>>>>>>> provided by OpenID Connect and provided support for keycloak.js
>>>>>> Sorry, I mistyped:
>>>>>>
>>>>>> Again, *how* do you expect this to work?  If the "user" is a browser,
>>>>>> there is no way to notify them other than the iframe + javascript trick
>>>>>> that is provided by OpenID Connect and provided support for keycloak.js
>>>>>>
>>>>> At this point, I don't care that much about implementation details. I
>>>>> only care about what we will tell the customer about whether or not we
>>>>> will implement this feature.  Of course, part of the answer might depend
>>>>> on how cleanly it can be implemented.  But the larger question is just
>>>>> about whether it is something Keycloak should provide.
>>>>>
>>>>> Is this the kind of feature we ought to implement?  I can tell them
>>>>> "yes", "no", or "maybe".  But no matter which one we pick, I also need a
>>>>> rationale for the decision.
>>>>
>>>> We need to have backchannel logout happen when the session expiration
>>>> thread finds old sessions.  Also might be useful to break out the iframe
>>>> OpenID trick into a smaller javascript library so that servlet apps can
>>>> do it.
>>>>
>>>> http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
>>>>
>>>>
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
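
The background-refresh approach from the quoted reply, written out as an added example that is not part of the original thread or of keycloak.js. It notifies once, stops polling after logout, and does not treat a single network failure as a logout. `watchSession`, `classify`, `step`, the `maxMisses` option and the HTTP status check are assumptions of this sketch.

```javascript
// Added example; not keycloak.js code. `refresh` is supplied by the caller and
// must return a Promise, e.g. a wrapper around keycloak.updateToken(10).

// Assumption: a rejection carrying HTTP status 400 or 401 means the server
// refused the refresh (session expired or revoked); anything else is treated
// as the server being unreachable.
function classify(err) {
  const status = err && err.status;
  return status === 400 || status === 401 ? 'rejected' : 'unreachable';
}

// Pure state transition. A refused refresh ends the session immediately;
// unreachable polls only end it after maxMisses in a row (fail closed).
function step(state, outcome, maxMisses) {
  if (state.loggedOut) return state;
  if (outcome === 'ok') return { loggedOut: false, misses: 0 };
  const misses = outcome === 'rejected' ? state.misses : state.misses + 1;
  return { loggedOut: outcome === 'rejected' || misses >= maxMisses, misses };
}

function watchSession(refresh, onLoggedOut, opts) {
  const o = opts || {};
  const maxMisses = o.maxMisses || 3;
  let state = { loggedOut: false, misses: 0 };
  let inFlight = false;
  let timer = null;

  // Record one poll outcome; notify exactly once and stop polling on logout.
  function report(outcome) {
    if (state.loggedOut) return state;
    state = step(state, outcome, maxMisses);
    if (state.loggedOut) {
      clearInterval(timer);
      onLoggedOut();
    }
    return state;
  }

  // One poll. Skipped while a previous refresh is still pending.
  function tick() {
    if (inFlight || state.loggedOut) return Promise.resolve(state);
    inFlight = true;
    return Promise.resolve().then(refresh)
      .then(function () { return 'ok'; }, classify)
      .then(function (outcome) { inFlight = false; return report(outcome); });
  }

  timer = setInterval(tick, o.intervalMs || 30000);
  return { tick: tick, report: report, stop: function () { clearInterval(timer); } };
}
```

The `onLoggedOut` callback is the place to drop the in-memory tokens and send the user back to the login page.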