I am getting started with securing my webapp using KeycloakOIDCFilter.
For logout, my application redirects to the URL
http://auth-server/auth/realms/{realm-name}/protocol/openid-connect/logou...
This clears the session in Keycloak, but the application continues to show
secured pages, and this filter pulls security information
(SerializableKeycloakAccount) from cache.
Removing the KeycloakAccount.class.getName() attribute from the session and
redirecting to the auth-server
redirects to the login page and prevents access to secured pages
after logout.
Is this how logout should be implemented?
This filter also has PreAuthActionsHandler, which has handleLogout.
Should the application use this?
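
The approach described in the post, clearing the local session before redirecting to the auth server, written out as an added example; it is not part of the original post and not Keycloak's own code. The servlet name and the `keycloakLogoutUrl` init-param are assumptions, and the example invalidates the whole session rather than removing the single attribute, which drops the cached account along with everything else.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: the application maps it to its own logout path.
public class LocalLogoutServlet extends HttpServlet {

    // Assumed init-param holding the realm's full logout endpoint URL.
    private String keycloakLogoutUrl;

    @Override
    public void init() throws ServletException {
        keycloakLogoutUrl = getInitParameter("keycloakLogoutUrl");
        if (keycloakLogoutUrl == null || keycloakLogoutUrl.isEmpty()) {
            throw new ServletException("keycloakLogoutUrl init-param is required");
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            // Removes every attribute, including the account cached under
            // KeycloakAccount.class.getName(), so the filter finds nothing to reuse.
            session.invalidate();
        }
        // Keep the browser from redisplaying secured pages from its own cache.
        resp.setHeader("Cache-Control", "no-store");
        // The target comes from server-side configuration, never from request
        // parameters, so this endpoint cannot be used as an open redirect.
        resp.sendRedirect(keycloakLogoutUrl);
    }
}
```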