Ya, then it's just a periodic JavaScript call to the validate token endpoint.
On 7/2/2015 6:56 AM, Stian Thorgersen wrote:
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-dev(a)lists.jboss.org
> Sent: Thursday, 2 July, 2015 12:54:04 PM
> Subject: Re: [keycloak-dev] Idle timeout notificaion
>
> I thought we already had the ability in the javascript adapter to check
> for logout via the iframe trick? Your demo at Devnation showed this.
Yes, but it only works for a manual logout where the session cookie is invalidated. If
the user is remotely logged out or the session times out, there's no update.
>
> On 7/2/2015 3:23 AM, Stian Thorgersen wrote:
>> Having this baked in is a nice-to-have, but hard to implement and we have
>> higher priorities.
>>
>> Create a JIRA for it.
>>
>> In the meantime, depending on the load the customer has, they can also
>> implement this functionality on their end by using short access token
>> lifespans and making the js adapter refresh the token with a background
>> timer. If the js adapter fails to refresh the token it should tell the
>> user it has been logged-out. Something like:
>>
>> window.setInterval(function() {
>>     keycloak.updateToken(10).error(function() { alert('user logged-out'); });
>> }, 30000);
>>
>> ----- Original Message -----
>>> From: "Bill Burke" <bburke(a)redhat.com>
>>> To: keycloak-dev(a)lists.jboss.org
>>> Sent: Wednesday, 1 July, 2015 2:51:47 PM
>>> Subject: Re: [keycloak-dev] Idle timeout notificaion
>>>
>>>
>>>
>>> On 7/1/2015 7:58 AM, Stan Silvert wrote:
>>>> On 6/30/2015 6:31 PM, Bill Burke wrote:
>>>>>
>>>>> On 6/30/2015 6:26 PM, Bill Burke wrote:
>>>>>> Again, you expect this to work? If the "user" is a browser, there is
>>>>>> no way to notify them other than the iframe + javascript trick that is
>>>>>> provided by OpenID Connect and provided support for keycloak.js
>>>>> Sorry, I mistyped:
>>>>>
>>>>> Again, *how* do you expect this to work? If the "user" is a browser,
>>>>> there is no way to notify them other than the iframe + javascript trick
>>>>> that is provided by OpenID Connect and provided support for keycloak.js
>>>>>
>>>> At this point, I don't care that much about implementation details. I
>>>> only care about what we will tell the customer about whether or not we
>>>> will implement this feature. Of course, part of the answer might depend
>>>> on how cleanly it can be implemented. But the larger question is just
>>>> about whether it is something Keycloak should provide.
>>>>
>>>> Is this the kind of feature we ought to implement? I can tell them
>>>> "yes", "no", or "maybe". But no matter which one we pick, I also need a
>>>> rationale for the decision.
>>>
>>> We need to have backchannel logout happen when the session expiration
>>> thread finds old sessions. Also might be useful to break out the iframe
>>> OpenID trick into a smaller javascript library so that servlet apps can
>>> do it.
>>>
>>>
>>> http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
>>>
>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
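
Added example, not part of the thread and not Keycloak code: the background-refresh check suggested in the quoted message, wrapped so that it never overlaps refresh calls, stops polling after the first failure and reports the logout only once. The names `watchSession`, `fakeKeycloak`, `demo` and the option names `intervalMs`, `minValidity`, `onLoggedOut` and `timers` are hypothetical; the only adapter call assumed is `updateToken(n)` with `.success()`/`.error()` as used in the quoted snippet.

```javascript
// Added example. `kc` is assumed to expose updateToken(minValidity) returning an
// object with chainable .success(fn)/.error(fn), as in the snippet quoted above.
function watchSession(kc, opts) {
  var timers = opts.timers || {                    // injectable so tests need no clock
    set: function (fn, ms) { return setInterval(fn, ms); },
    clear: function (h) { clearInterval(h); }
  };
  var state = { active: true, inFlight: false, polls: 0 };
  var handle = null;
  function stop() {
    state.active = false;
    if (handle !== null) { timers.clear(handle); handle = null; }
  }
  function poll() {
    if (!state.active || state.inFlight) return;   // never overlap refresh calls
    state.inFlight = true; state.polls += 1;
    kc.updateToken(opts.minValidity || 10)
      .success(function () { state.inFlight = false; })
      .error(function () {    // any refresh failure = session gone, per the thread
        state.inFlight = false;
        if (!state.active) return;
        stop();               // cancel the timer so the user is told only once
        opts.onLoggedOut();
      });
  }
  handle = timers.set(poll, opts.intervalMs || 30000);
  return { poll: poll, stop: stop, state: state };
}

// Constructed stub: each entry in `outcomes` decides one refresh (true = success).
function fakeKeycloak(outcomes) {
  return { updateToken: function () {
    var ok = outcomes.shift();
    var p = { success: function (fn) { if (ok) fn(); return p; },
              error: function (fn) { if (!ok) fn(); return p; } };
    return p;
  } };
}

// Drive the watcher by hand: two good refreshes, then the session is gone.
function demo() {
  var fired = 0, cleared = 0, tick = null;
  var timers = { set: function (fn) { tick = fn; return 1; },
                 clear: function () { cleared += 1; } };
  var w = watchSession(fakeKeycloak([true, true, false, false]),
                       { timers: timers, onLoggedOut: function () { fired += 1; } });
  for (var i = 0; i < 5; i++) tick();
  return { fired: fired, cleared: cleared, polls: w.state.polls };
}
```

In a page, `onLoggedOut` would typically clear any cached user data from the UI and send the browser back to the login flow rather than call `alert`.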