According to this code:https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/CookieTokenStore.java#L100
The cookie is only reset at the place where the logout path is. For instance:
Applications serve at /foo/app and /bar/appAnd logout path is just /logout
In that case that won’t work because cookiePath for removeCookie would be /logout.
The problem is the user is still logged in within the period of Access Token Lifespan.
It doesn’t make sense to have different logout URL for each application as such /bar/logout and /foo/logout .
Is there a way to just keep single logout which logs out the user for each application?
Thanks,Sarp Kaya
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user