Re: [keycloak-user] API not protected immediately after logout

Tuesday, 20 March 2018

Unless the service calls the token introspection endpoint it won't know
that the access token has expired until it actually expires. That is the
cause of the slight delay from logout. The app should really clear the
tokens after logout.

On 20 March 2018 at 20:07, José Miguel Gonçalves <jose.goncalves(a)inov.pt&gt;
wrote:

...
 Hi,

 To test a scenario of a Node.js RESTfull service secured by Keycloak
 (3.4.3.Final), I've setup a Node.js server and a HTML5 client using
 example code from https://github.com/keycloak/keycloak-quickstarts
 ('service-nodejs' and 'app-jee-html5').
 While everything seems fine at first glance, there is an issue after I
 logout on the app.
 After logging out, I see that I continue to have access to the protected
 endpoints for some short time (about 1 minute after logout).
 Am I missing some configuration or is this a bug on Keycloak?

 Regards,
 José Gonçalves

 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] API not protected immediately after logout