Having this baked in is a nice to have, but hard to implemented and we have higher
priorities.
Create a JIRA for it.
In the mean time depending on the load the customer has they can also implement this
functionality on their end by using short access token lifespans and making the js adapter
refresh the token with a background timer. If the js adapter fails to refresh the token it
should tell the user it has been logged-out. Something like:
window.setInterval(function() {
keycloak.updateToken(10).error(function() { alert('user logged-out'); });
}, 30000);
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 1 July, 2015 2:51:47 PM
Subject: Re: [keycloak-dev] Idle timeout notificaion
On 7/1/2015 7:58 AM, Stan Silvert wrote:
> On 6/30/2015 6:31 PM, Bill Burke wrote:
>>
>> On 6/30/2015 6:26 PM, Bill Burke wrote:
>>> Again, you expect this to work? If the "user" is a browser, there
is no
>>> way to notify them other than the iframe + javascript trick that is
>>> provided by OpenID Connect and provided support for keycloak.js
>> Sorry, I mistyped:
>>
>> Again, *how* do you expect this to work? If the "user" is a browser,
>> there is no way to notify them other than the iframe + javascript trick
>> that is provided by OpenID Connect and provided support for keycloak.js
>>
> At this point, I don't care that much about implementation details. I
> only care about what we will tell the customer about whether or not we
> will implement this feature. Of course, part of the answer might depend
> on how cleanly it can be implemented. But the larger question is just
> about whether it is something Keycloak should provide.
>
> Is this the kind of feature we ought to implement? I can tell them
> "yes", "no", or "maybe". But no matter which one we
pick, I also need a
> rationale for the decision.
We need to have backchannel logout happen when the session expiration
thread finds old sessions. Also might be useful to break out the iframe
OpenID trick into a smaller javascript library so that servlet apps can
do it.
http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev