[keycloak-dev] openid connect logout is weird
Bill Burke
bburke at redhat.com
Wed Feb 5 09:56:10 EST 2014
It seems to exist for mobile apps to get rid of a distribute call.
On 2/5/2014 9:54 AM, Stian Thorgersen wrote:
> Haven't read up on OpenID Connect yet, but it does seem a bit hack'ish. With cors support I don't see why the same couldn't be achieved with a ajax request.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 5 February, 2014 2:11:01 PM
>> Subject: [keycloak-dev] openid connect logout is weird
>>
>> http://openid.net/specs/openid-connect-session-1_0.html
>>
>> They set up invisible iframes so that an app can query the auth server's
>> iframe to check to see if the login cookie is still set. Doesn't that
>> seem weird?
>>
>> Was kind of hoping for a REST interface back to the application like we
>> currently have.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list