[keycloak-dev] Idle timeout notificaion

Stian Thorgersen stian at redhat.com
Thu Jul 2 07:13:18 EDT 2015



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 2 July, 2015 1:02:54 PM
> Subject: Re: [keycloak-dev] Idle timeout notificaion
> 
> Ya, then its just a periodic javascript call to the validate token endpoint.

Or just refresh token regularly as I suggested ;)

> 
> On 7/2/2015 6:56 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 2 July, 2015 12:54:04 PM
> >> Subject: Re: [keycloak-dev] Idle timeout notificaion
> >>
> >> I thought we already had the ability in the javascript adapter to check
> >> for logout via the iframe trick?  Your demo at Devnation showed this.
> >
> > Yes, but it only works for a manual logout where the session cookie is
> > invalidated. If user is remotely logged-out or the session times out
> > there's no update.
> >
> >>
> >> On 7/2/2015 3:23 AM, Stian Thorgersen wrote:
> >>> Having this baked in is a nice to have, but hard to implemented and we
> >>> have
> >>> higher priorities.
> >>>
> >>> Create a JIRA for it.
> >>>
> >>> In the mean time depending on the load the customer has they can also
> >>> implement this functionality on their end by using short access token
> >>> lifespans and making the js adapter refresh the token with a background
> >>> timer. If the js adapter fails to refresh the token it should tell the
> >>> user it has been logged-out. Something like:
> >>>
> >>>       window.setInterval(function() {
> >>>           keycloak.updateToken(10).error(function() { alert('user
> >>>           logged-out'); });
> >>>         }, 30000);
> >>>
> >>> ----- Original Message -----
> >>>> From: "Bill Burke" <bburke at redhat.com>
> >>>> To: keycloak-dev at lists.jboss.org
> >>>> Sent: Wednesday, 1 July, 2015 2:51:47 PM
> >>>> Subject: Re: [keycloak-dev] Idle timeout notificaion
> >>>>
> >>>>
> >>>>
> >>>> On 7/1/2015 7:58 AM, Stan Silvert wrote:
> >>>>> On 6/30/2015 6:31 PM, Bill Burke wrote:
> >>>>>>
> >>>>>> On 6/30/2015 6:26 PM, Bill Burke wrote:
> >>>>>>> Again, you expect this to work?  If the "user" is a browser, there is
> >>>>>>> no
> >>>>>>> way to notify them other than the iframe + javascript trick that is
> >>>>>>> provided by OpenID Connect and provided support for keycloak.js
> >>>>>> Sorry, I mistyped:
> >>>>>>
> >>>>>> Again, *how* do you expect this to work?  If the "user" is a browser,
> >>>>>> there is no way to notify them other than the iframe + javascript
> >>>>>> trick
> >>>>>> that is provided by OpenID Connect and provided support for
> >>>>>> keycloak.js
> >>>>>>
> >>>>> At this point, I don't care that much about implementation details. I
> >>>>> only care about what we will tell the customer about whether or not we
> >>>>> will implement this feature.  Of course, part of the answer might
> >>>>> depend
> >>>>> on how cleanly it can be implemented.  But the larger question is just
> >>>>> about whether it is something Keycloak should provide.
> >>>>>
> >>>>> Is this the kind of feature we ought to implement?  I can tell them
> >>>>> "yes", "no", or "maybe".  But no matter which one we pick, I also need
> >>>>> a
> >>>>> rationale for the decision.
> >>>>
> >>>> We need to have backchannel logout happen when the session expiration
> >>>> thread finds old sessions.  Also might be useful to break out the iframe
> >>>> OpenID trick into a smaller javascript library so that servlet apps can
> >>>> do it.
> >>>>
> >>>> http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Bill Burke
> >>>> JBoss, a division of Red Hat
> >>>> http://bill.burkecentral.com
> >>>> _______________________________________________
> >>>> keycloak-dev mailing list
> >>>> keycloak-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>
> >>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >>
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 


More information about the keycloak-dev mailing list