Re: [keycloak-dev] Idle timeout notificaion

On 6/30/2015 9:22 AM, Bill Burke wrote: > > On 6/30/2015 8:23 AM, Stan Silvert wrote: >> On 6/29/2015 8:34 PM, Bill Burke wrote: >>> On 6/29/2015 5:39 PM, Stan Silvert wrote: >>>> On 6/29/2015 5:26 PM, Bill Burke wrote: >>>>> We do need some way to listen at the adapter level for a logout event >>>>> sent by the auth server. Undertow and Tomcat and Jetty all have ways to >>>>> listen for session invalidation events I believe too. Not sure if the >>>>> servlet spec has something standard. >>>> Yes, the servlet spec has HttpSessionListener with a sessionDestroyed() >>>> callback. >>>> >>>> We could come up with some javascript that you put on the client side >>>> that registers with the adapter and gets notified of session >>>> invalidation. I'm just wondering if it's something we should provide or >>>> not. >>> Javascript adapter already checks for logout. >>> >> What would you suggest for apps that use the other adapters? > They should use regular servlet means to timeout the session. > That's not what I'm asking about. I'm asking if we should provide a standard callback to the client when the timeout occurs. The client wants to provide a notification to the user about the session timeout. Right now, it is up to each application to build their own infrastructure for doing that.

But we could provide an out of the box solution that works for the entire realm. What we would need is a standard way for the client to register a callback with our adapters. Or it could register the callback with the Keycloak server. (Or a heartbeat instead of a callback. There are many ways to do this.) The main point is that Keycloak could provide a realm-wide solution. That's what the customer is wanting.