Class LogoutEndpoint
- java.lang.Object
-
- org.keycloak.protocol.oidc.endpoints.LogoutEndpoint
-
public class LogoutEndpoint extends Object
- Author:
- Stian Thorgersen
-
-
Constructor Summary
Constructors Constructor Description LogoutEndpoint(KeycloakSession session, TokenManager tokenManager, EventBuilder event, OIDCProviderConfig providerConfig)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description javax.ws.rs.core.Response
backchannelLogout()
Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken.javax.ws.rs.core.Response
issueUserInfoPreflight()
javax.ws.rs.core.Response
logout()
This endpoint can be used either as: - OpenID Connect RP-Initiated Logout POST endpoint according to the specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout - Legacy Logout endpoint with refresh_token as an argument and client authentication needed.javax.ws.rs.core.Response
logout(String deprecatedRedirectUri, String encodedIdToken, String clientId, String postLogoutRedirectUri, String state, String uiLocales, String initiatingIdp)
Logout user session.javax.ws.rs.core.Response
logoutConfirmAction()
javax.ws.rs.core.Response
logoutConfirmGet()
-
-
-
Constructor Detail
-
LogoutEndpoint
public LogoutEndpoint(KeycloakSession session, TokenManager tokenManager, EventBuilder event, OIDCProviderConfig providerConfig)
-
-
Method Detail
-
issueUserInfoPreflight
@Path("/") @OPTIONS public javax.ws.rs.core.Response issueUserInfoPreflight()
-
logout
@GET public javax.ws.rs.core.Response logout(@QueryParam("redirect_uri") String deprecatedRedirectUri, @QueryParam("id_token_hint") String encodedIdToken, @QueryParam("client_id") String clientId, @QueryParam("post_logout_redirect_uri") String postLogoutRedirectUri, @QueryParam("state") String state, @QueryParam("ui_locales") String uiLocales, @QueryParam("initiating_idp") String initiatingIdp)
Logout user session. User must be logged in via a session cookie. When the logout is initiated by a remote idp, the parameter "initiating_idp" can be supplied. This param will prevent upstream logout (since the logout procedure has already been started in the remote idp). This endpoint is aligned with OpenID Connect RP-Initiated Logout specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout All parameters are optional. Some combinations of parameters are invalid as described in the specification- Parameters:
deprecatedRedirectUri
- Parameter "redirect_uri" is not supported by the specification. It is here just for the backwards compatibilityencodedIdToken
- Parameter "id_token_hint" as described in the specification.clientId
- Parameter "client_id" as described in the specification.postLogoutRedirectUri
- Parameter "post_logout_redirect_uri" as described in the specification with the URL to redirect after logout.state
- Parameter "state" as described in the specification. Will be used to send "state" when redirecting back to the application after the logoutuiLocales
- Parameter "ui_locales" as described in the specification. Can be used by the client to display pages in specified locale (if any pages are going to be displayed to the user during logout)initiatingIdp
- The alias of the idp initiating the logout.- Returns:
-
logout
@POST @Consumes("application/x-www-form-urlencoded") public javax.ws.rs.core.Response logout()
This endpoint can be used either as: - OpenID Connect RP-Initiated Logout POST endpoint according to the specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout - Legacy Logout endpoint with refresh_token as an argument and client authentication needed. SeelogoutToken()
for more details- Returns:
- response
-
logoutConfirmAction
@Path("/logout-confirm") @POST @Consumes("application/x-www-form-urlencoded") public javax.ws.rs.core.Response logoutConfirmAction()
-
logoutConfirmGet
@Path("/logout-confirm") @GET public javax.ws.rs.core.Response logoutConfirmGet()
-
backchannelLogout
@Path("/backchannel-logout") @POST @Consumes("application/x-www-form-urlencoded") public javax.ws.rs.core.Response backchannelLogout()
Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken. Logout a session via a non-browser invocation. Will be implemented as a backchannel logout based on the specification https://openid.net/specs/openid-connect-backchannel-1_0.html- Returns:
-
-