Hello
I'm trying to setup seamless logout flow for SPA, but falling into issue in
the following scenario
User is logged-in with a public client using code grant and check login
iframe enabled.
I see that KEYCLOAK_SESSION cookie is set during code exchange phase, and
later used in iframe to validate user session
Application refreshes token using refresh_token when access_token is close
to expiration
Now I log user out from application using Keycloak admin app
I do not expect that user should be logged-out immediately.
But what I do expect is to get error response from a token endpoint, when I
will try to refresh token next time.
Response, returned by OP, doesn't have Cors Headers, so application can't
access any information from response that will allow distinguishing between
network error and cors related errors
Other option may be to clear cookie in response to token endpoint call
Any help will be appreciated