Hi everyone!
I'm a potential GSOC student dreaming of working on "Keycloak -
Certificate Management" project. I spent last few days analysing the
code, debuging and looking how it really works on the inside.
I'd like to fix a bug which I've chosen from Jira. The issue number is
KEYCLOAK-782.
In OAuth 2.0 specification (RFC6749) I found the following parameters
(within item 4.1.2.1. Error Response) :
server_error
The authorization server encountered an unexpected
condition that prevented it from fulfilling the request.
(This error code is needed because a 500 Internal Server
Error HTTP status code cannot be returned to the client
via an HTTP redirect.)
error_description
OPTIONAL. Human-readable ASCII [USASCII] text providing
additional information, used to assist the client developer in
understanding the error that occurred.
Values for the "error_description" parameter MUST NOT include
characters outside the set %x20-21 / %x23-5B / %x5D-7E.
So the uri after logout would look like this:
...&error=server_error&error_description=Logout+from+some+apps+failed
The error_description could be either human readable description or just
an error code. It should be processed on client side. Keycloak.js should
be changed to handle it.
These params should be added to OIDCLoginProtocol and of course to
response when such an error occur.
In first loop iterating on userSessions placed in
AuthenticationManager.browserLogout there should be saving error when
backend logout fails. It could be done by adding a note to userSession
and getting it in finishLogout (first, of course, checking if it exists).
What do you think about the above mentioned solution?
best regards,
Michal Choinski
Show replies by date