It is mitigated somewhat as when a logout happens I set a
UserModel.notBefore setting. So refresh tokens will be invalidated.
But there is a window between when the logout occurs and when the access
token expires.
On 3/27/2014 12:53 PM, Stian Thorgersen wrote:
Single-Sign Out is also an issue with other types of
"public" clients such as mobile apps, and oauth clients.
I'll have a look once I get the first round of audit work completed.
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Thursday, 27 March, 2014 4:36:02 PM
> Subject: [keycloak-dev] logout for keycloak.js
>
> This may be useful:
>
> http://openid.net/specs/openid-connect-session-1_0.html
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
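
An added example, not part of the original thread and not Keycloak's code: a simplified model of the window described in the first message, where logout sets a per-user notBefore that blocks refresh while an already-issued access token stays usable until it expires. The function names, the 300-second lifetime and the timestamps are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not Keycloak's implementation.
// Tokens are plain objects (signatures omitted); times are seconds, constructed values.
const ACCESS_LIFETIME = 300; // assumed access-token lifetime

function issueTokens(user, now) {
  return {
    access: { sub: user, iat: now, exp: now + ACCESS_LIFETIME },
    refresh: { sub: user, iat: now },
  };
}

// Logout records a per-user notBefore on the auth server.
function logout(notBefore, user, now) {
  notBefore.set(user, now);
}

// Auth server: a refresh token issued before the user's notBefore is refused.
function refresh(notBefore, refreshToken, now) {
  const nb = notBefore.get(refreshToken.sub) ?? 0;
  if (refreshToken.iat < nb) return null;
  return issueTokens(refreshToken.sub, now);
}

// Resource server validating the access token on its own: it sees only exp,
// so it cannot know that a logout happened.
function resourceServerAccepts(accessToken, now) {
  return now < accessToken.exp;
}

// Seconds during which a pre-logout access token is still usable.
function exposureWindow(accessToken, logoutTime) {
  return Math.max(0, accessToken.exp - logoutTime);
}

function scenario() {
  const notBefore = new Map();
  const t = issueTokens("alice", 1000); // login at t=1000
  logout(notBefore, "alice", 1100);     // logout at t=1100
  return {
    refreshAfterLogout: refresh(notBefore, t.refresh, 1101),
    acceptedAfterLogout: resourceServerAccepts(t.access, 1101),
    acceptedAfterExpiry: resourceServerAccepts(t.access, 1300),
    windowSeconds: exposureWindow(t.access, 1100),
    freshLogin: refresh(notBefore, issueTokens("alice", 1200).refresh, 1201) !== null,
  };
}

console.log(scenario());
```

In this model the window is bounded by the access-token lifetime, so a shorter lifetime shrinks it.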