Package org.keycloak.protocol.oidc.endpoints

Class LogoutEndpoint

    • Method Detail

      • issueUserInfoPreflight

        @Path("/")
@OPTIONS
public javax.ws.rs.core.Response issueUserInfoPreflight()

      • logout

        @GET
public javax.ws.rs.core.Response logout​(@QueryParam("redirect_uri")
                                        String deprecatedRedirectUri,
                                        @QueryParam("id_token_hint")
                                        String encodedIdToken,
                                        @QueryParam("client_id")
                                        String clientId,
                                        @QueryParam("post_logout_redirect_uri")
                                        String postLogoutRedirectUri,
                                        @QueryParam("state")
                                        String state,
                                        @QueryParam("ui_locales")
                                        String uiLocales,
                                        @QueryParam("initiating_idp")
                                        String initiatingIdp)
        Logout user session. User must be logged in via a session cookie. When the logout is initiated by a remote idp, the parameter "initiating_idp" can be supplied. This param will prevent upstream logout (since the logout procedure has already been started in the remote idp). This endpoint is aligned with OpenID Connect RP-Initiated Logout specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout All parameters are optional. Some combinations of parameters are invalid as described in the specification
        Parameters:
        deprecatedRedirectUri - Parameter "redirect_uri" is not supported by the specification. It is here just for the backwards compatibility
        encodedIdToken - Parameter "id_token_hint" as described in the specification.
        clientId - Parameter "client_id" as described in the specification.
        postLogoutRedirectUri - Parameter "post_logout_redirect_uri" as described in the specification with the URL to redirect after logout.
        state - Parameter "state" as described in the specification. Will be used to send "state" when redirecting back to the application after the logout
        uiLocales - Parameter "ui_locales" as described in the specification. Can be used by the client to display pages in specified locale (if any pages are going to be displayed to the user during logout)
        initiatingIdp - The alias of the idp initiating the logout.
        Returns:

      • logout

        @POST
@Consumes("application/x-www-form-urlencoded")
public javax.ws.rs.core.Response logout()
        This endpoint can be used either as: - OpenID Connect RP-Initiated Logout POST endpoint according to the specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout - Legacy Logout endpoint with refresh_token as an argument and client authentication needed. See logoutToken() for more details
        Returns:
        response

      • logoutConfirmAction

        @Path("/logout-confirm")
@POST
@Consumes("application/x-www-form-urlencoded")
public javax.ws.rs.core.Response logoutConfirmAction()

      • logoutConfirmGet

        @Path("/logout-confirm")
@GET
public javax.ws.rs.core.Response logoutConfirmGet()

      • backchannelLogout

        @Path("/backchannel-logout")
@POST
@Consumes("application/x-www-form-urlencoded")
public javax.ws.rs.core.Response backchannelLogout()
        Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken. Logout a session via a non-browser invocation. Will be implemented as a backchannel logout based on the specification https://openid.net/specs/openid-connect-backchannel-1_0.html
        Returns: