[keycloak-user] API not protected immediately after logout
José Miguel Gonçalves
jose.goncalves at inov.pt
Tue Mar 20 15:07:15 EDT 2018
Hi,
To test a scenario of a Node.js RESTfull service secured by Keycloak
(3.4.3.Final), I've setup a Node.js server and a HTML5 client using
example code from https://github.com/keycloak/keycloak-quickstarts
('service-nodejs' and 'app-jee-html5').
While everything seems fine at first glance, there is an issue after I
logout on the app.
After logging out, I see that I continue to have access to the protected
endpoints for some short time (about 1 minute after logout).
Am I missing some configuration or is this a bug on Keycloak?
Regards,
José Gonçalves
More information about the keycloak-user
mailing list