Haven't read up on OpenID Connect yet, but it does seem a bit hack'ish. With cors support I don't see why the same couldn't be achieved with a ajax request. ----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 5 February, 2014 2:11:01 PM > Subject: [keycloak-dev] openid connect logout is weird > > http://openid.net/specs/openid-connect-session-1_0.html > > They set up invisible iframes so that an app can query the auth server's > iframe to check to see if the login cookie is still set. Doesn't that > seem weird? > > Was kind of hoping for a REST interface back to the application like we > currently have. > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >