[keycloak-user] Session state iframe doesn't work reliably
Виталий Ищенко
betalb at gmail.com
Thu Nov 30 07:09:12 EST 2017
Hello,
I'm trying to set up a seamless logout flow for an SPA, but I'm running into
an issue in the following scenario.
The user is logged in with a public client using the code grant, with the
check login iframe enabled.
I see that the KEYCLOAK_SESSION cookie is set during the code exchange phase
and later used in the iframe to validate the user session.
The application refreshes the token using the refresh_token when the
access_token is close to expiration.
Now I log the user out from the application using the Keycloak admin app.
I do not expect that the user should be logged out immediately.
But what I do expect is to get an error response from the token endpoint when
I try to refresh the token the next time.
The response returned by the OP doesn't have CORS headers, so the application
can't access any information from the response that would allow distinguishing
between network errors and CORS-related errors.
Another option may be to clear the cookie in response to the token endpoint call.
Any help will be appreciated.