[keycloak-dev] Idle timeout notificaion

Stian Thorgersen stian at redhat.com
Thu Jul 2 03:23:52 EDT 2015


Having this baked in is a nice to have, but hard to implemented and we have higher priorities.

Create a JIRA for it.

In the mean time depending on the load the customer has they can also implement this functionality on their end by using short access token lifespans and making the js adapter refresh the token with a background timer. If the js adapter fails to refresh the token it should tell the user it has been logged-out. Something like:

    window.setInterval(function() {
        keycloak.updateToken(10).error(function() { alert('user logged-out'); });
      }, 30000);

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 1 July, 2015 2:51:47 PM
> Subject: Re: [keycloak-dev] Idle timeout notificaion
> 
> 
> 
> On 7/1/2015 7:58 AM, Stan Silvert wrote:
> > On 6/30/2015 6:31 PM, Bill Burke wrote:
> >>
> >> On 6/30/2015 6:26 PM, Bill Burke wrote:
> >>> Again, you expect this to work?  If the "user" is a browser, there is no
> >>> way to notify them other than the iframe + javascript trick that is
> >>> provided by OpenID Connect and provided support for keycloak.js
> >> Sorry, I mistyped:
> >>
> >> Again, *how* do you expect this to work?  If the "user" is a browser,
> >> there is no way to notify them other than the iframe + javascript trick
> >> that is provided by OpenID Connect and provided support for keycloak.js
> >>
> > At this point, I don't care that much about implementation details. I
> > only care about what we will tell the customer about whether or not we
> > will implement this feature.  Of course, part of the answer might depend
> > on how cleanly it can be implemented.  But the larger question is just
> > about whether it is something Keycloak should provide.
> >
> > Is this the kind of feature we ought to implement?  I can tell them
> > "yes", "no", or "maybe".  But no matter which one we pick, I also need a
> > rationale for the decision.
> 
> We need to have backchannel logout happen when the session expiration
> thread finds old sessions.  Also might be useful to break out the iframe
> OpenID trick into a smaller javascript library so that servlet apps can
> do it.
> 
> http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
> 
> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list