[keycloak-user] Issue with logout.

Marek Posolda mposolda at redhat.com
Wed Feb 24 06:09:19 EST 2016


On 24/02/16 10:58, Satyajit Das wrote:
> Hi Team, we are facing the below issue with logout.
>
> I use login/logout RESTful service:
>
> after login
> I get tokenid say "t1" and refreshtokenid say "rt1"
>
> 1) We have registered a webservice as a keycloak client (example 
> demo123) with access type as bearer.
> 2) When I call the logout rest service:
>
> if (isPublic()) { // if client is public access type
>     formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "demo123"));
> }
>
> URI logoutUri = KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
>         .path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
>         .build("RealmName");
>
> the logout gives 204 for client's access type as open.
>
> but when I again hit the service with the token id "t1" after logout.
> Still I can get the response. *Note this response doesn't hit Keycloak*.

Yes, it works this way and that's why we suggest using short lifetimes 
for accessToken (1 minute). This means that access token needs to be 
refreshed every 1 minute and the request for refreshing token actually 
needs to hit Keycloak server (in your case, refresh won't succeed 
because you already did logout).

Marek
>
> Regards,
> Satya
>
>
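
The behaviour discussed in this thread, as an added example that is not part of the original messages and does not use Keycloak's API: a bearer-only service validates the access token locally, so "t1" stays usable after logout until its expiry, while the refresh with "rt1" goes to the server and is refused. `ToyAuthServer`, `service_accepts`, `replay_after_logout` and the HMAC key are hypothetical stand-ins (a real realm signs tokens with its own key).

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the realm's signing key

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(body):
    return _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

def sign(claims):
    body = _b64(json.dumps(claims).encode())
    return body + "." + _mac(body)

def claims_of(token):
    """Return the claims if the signature verifies, else None."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _mac(body)):
        return None
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

class ToyAuthServer:
    """Hypothetical stand-in for the auth server; not Keycloak's API."""
    def __init__(self, access_lifespan):
        self.access_lifespan = access_lifespan  # seconds
        self.sessions = set()

    def login(self, sid, now):
        self.sessions.add(sid)
        access = sign({"sid": sid, "typ": "access", "exp": now + self.access_lifespan})
        return access, sign({"sid": sid, "typ": "refresh"})

    def logout(self, sid):
        self.sessions.discard(sid)

    def refresh(self, refresh_token, now):
        # Refresh is a server round trip, so session state is consulted here.
        c = claims_of(refresh_token)
        if not c or c["typ"] != "refresh" or c["sid"] not in self.sessions:
            return None
        return sign({"sid": c["sid"], "typ": "access", "exp": now + self.access_lifespan})

def service_accepts(access_token, now):
    """Bearer-only service: signature and expiry checked locally, no server call."""
    c = claims_of(access_token)
    return bool(c) and c["typ"] == "access" and now < c["exp"]

def replay_after_logout(access_lifespan, probe_at):
    """Log in at t=0, log out at once, then replay t1 and rt1 at t=probe_at."""
    server = ToyAuthServer(access_lifespan)
    t1, rt1 = server.login("s1", now=0)
    server.logout("s1")
    return service_accepts(t1, probe_at), server.refresh(rt1, probe_at) is not None
```

With a one-hour lifespan, `replay_after_logout(3600, 120)` shows t1 still accepted two minutes after logout; with the suggested 60-second lifespan the same replay is rejected, and the refresh fails in both cases.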
