On 24/02/16 10:58, Satyajit Das wrote:
Hi Team, we are facing the below issue with logout.
I use a login/logout RESTful service:
after login
I get tokenid, say "t1", and refreshtokenid, say "rt1".
1) We have registered a web service as a Keycloak client (example
demo123) with access type as bearer.
2) When I call the logout REST service:
    if (isPublic()) { // if client is public access type
        formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "demo123"));
    }
    URI logoutUri = KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
            .path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
            .build("RealmName");
The logout gives 204 for client's access type as open.
But when I again hit the service with the token id "t1" after logout,
I can still get the response. *Note this response doesn't hit Keycloak*.

Yes, it works this way, and that's why we suggest using short lifetimes
for accessToken (1 minute). This means that the access token needs to be
refreshed every 1 minute, and the request for refreshing the token actually
needs to hit the Keycloak server (in your case, refresh won't succeed
because you already did logout).
Marek
Regards,
Satya
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
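
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak code: a service that validates access tokens locally keeps accepting "t1" after logout until the token expires, while the refresh, which must reach the server, fails. ToyAuthServer, validate_locally, the HMAC key and the session id are hypothetical stand-ins (Keycloak signs tokens with asymmetric realm keys).

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed stand-in for the realm signing key
ACCESS_LIFETIME = 60            # seconds; the 1-minute lifetime suggested in the reply

def _sign(payload: bytes) -> str:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def _encode(claims: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)

def _decode(token: str):
    """Return the claims if the signature is valid, else None."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

class ToyAuthServer:
    """Hypothetical stand-in for the auth server: it alone knows session state."""
    def __init__(self):
        self.sessions = set()

    def login(self, sid: str, now: int):
        self.sessions.add(sid)
        access = _encode({"typ": "access", "sid": sid, "exp": now + ACCESS_LIFETIME})
        refresh = _encode({"typ": "refresh", "sid": sid})
        return access, refresh

    def logout(self, sid: str):
        self.sessions.discard(sid)

    def refresh(self, refresh_token: str, now: int):
        claims = _decode(refresh_token)
        if not claims or claims["typ"] != "refresh" or claims["sid"] not in self.sessions:
            return None   # session ended: no new access token is issued
        return _encode({"typ": "access", "sid": claims["sid"], "exp": now + ACCESS_LIFETIME})

def validate_locally(access_token: str, now: int) -> bool:
    """What the bearer-only service does: signature and expiry only, no server call."""
    claims = _decode(access_token)
    return bool(claims) and claims["typ"] == "access" and now < claims["exp"]

def exposure_after_logout():
    srv = ToyAuthServer()
    t1, rt1 = srv.login("s1", now=0)
    srv.logout("s1")                       # logout right after login
    return (validate_locally(t1, now=30),  # still accepted inside the lifetime
            validate_locally(t1, now=61),  # rejected once expired
            srv.refresh(rt1, now=61))      # refresh reaches the server and fails
```

The window in which a logged-out token is still honoured equals the access token lifetime, which is why shortening it bounds the exposure.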