[keycloak-user] API not protected immediately after logout

Tuesday, 20 March 2018

Hi,

To test a scenario of a Node.js RESTfull service secured by Keycloak 
(3.4.3.Final), I've setup a Node.js server and a HTML5 client using 
example code from https://github.com/keycloak/keycloak-quickstarts 
('service-nodejs' and 'app-jee-html5').
While everything seems fine at first glance, there is an issue after I 
logout on the app.
After logging out, I see that I continue to have access to the protected 
endpoints for some short time (about 1 minute after logout).
Am I missing some configuration or is this a bug on Keycloak?

Regards,
José Gonçalves

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

[keycloak-user] API not protected immediately after logout