On 16 December 2016 at 15:39, ruiwp13 <ruiwp_93(a)hotmail.com> wrote:
Just to see if all the steps I performed are OK:
1. I access a secured location from my API
2. I get redirected to keycloak login page
3. After logging in I get redirected to my API which returns true for
HttpServletRequest.authenticate meaning I'm authenticated and I can get
the
access_token from the keycloak security context
4. I set header with Authorization "Bearer " + {access_token}
5. I access the logout method where HttpServletRequest.logout is performed.
Is this the correct flow?
Yes, it's strange that I get invalid_token, doesn't make sense specially
because if I make HttpServletRequest.authenticate in the logout method it
says that I am authenticated
Why would you call HttpServletRequest.authenticate within the logout? That
makes no sense.
--
View this message in context:
http://keycloak-user.88327.x6.
nabble.com/Login-without-Keycloak-Login-Page-tp1974p2017.html
Sent from the keycloak-user mailing list archive at
Nabble.com.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user