Class LogoutEndpoint
java.lang.Object
org.keycloak.protocol.oidc.endpoints.LogoutEndpoint
- Author:
- Stian Thorgersen
-
Constructor Summary
ConstructorDescriptionLogoutEndpoint
(KeycloakSession session, TokenManager tokenManager, EventBuilder event, OIDCProviderConfig providerConfig) -
Method Summary
Modifier and TypeMethodDescriptionjakarta.ws.rs.core.Response
Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken.jakarta.ws.rs.core.Response
jakarta.ws.rs.core.Response
logout()
This endpoint can be used either as: - OpenID Connect RP-Initiated Logout POST endpoint according to the specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout - Legacy Logout endpoint with refresh_token as an argument and client authentication needed.jakarta.ws.rs.core.Response
logout
(String deprecatedRedirectUri, String encodedIdToken, String clientId, String postLogoutRedirectUri, String state, String uiLocales, String initiatingIdp) Logout user session.jakarta.ws.rs.core.Response
jakarta.ws.rs.core.Response
-
Constructor Details
-
LogoutEndpoint
public LogoutEndpoint(KeycloakSession session, TokenManager tokenManager, EventBuilder event, OIDCProviderConfig providerConfig)
-
-
Method Details
-
issueUserInfoPreflight
@Path("/") @OPTIONS public jakarta.ws.rs.core.Response issueUserInfoPreflight() -
logout
@GET public jakarta.ws.rs.core.Response logout(@QueryParam("redirect_uri") String deprecatedRedirectUri, @QueryParam("id_token_hint") String encodedIdToken, @QueryParam("client_id") String clientId, @QueryParam("post_logout_redirect_uri") String postLogoutRedirectUri, @QueryParam("state") String state, @QueryParam("ui_locales") String uiLocales, @QueryParam("initiating_idp") String initiatingIdp) Logout user session. User must be logged in via a session cookie. When the logout is initiated by a remote idp, the parameter "initiating_idp" can be supplied. This param will prevent upstream logout (since the logout procedure has already been started in the remote idp). This endpoint is aligned with OpenID Connect RP-Initiated Logout specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout All parameters are optional. Some combinations of parameters are invalid as described in the specification- Parameters:
deprecatedRedirectUri
- Parameter "redirect_uri" is not supported by the specification. It is here just for the backwards compatibilityencodedIdToken
- Parameter "id_token_hint" as described in the specification.clientId
- Parameter "client_id" as described in the specification.postLogoutRedirectUri
- Parameter "post_logout_redirect_uri" as described in the specification with the URL to redirect after logout.state
- Parameter "state" as described in the specification. Will be used to send "state" when redirecting back to the application after the logoutuiLocales
- Parameter "ui_locales" as described in the specification. Can be used by the client to display pages in specified locale (if any pages are going to be displayed to the user during logout)initiatingIdp
- The alias of the idp initiating the logout.- Returns:
-
logout
@POST @Consumes("application/x-www-form-urlencoded") public jakarta.ws.rs.core.Response logout()This endpoint can be used either as: - OpenID Connect RP-Initiated Logout POST endpoint according to the specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout - Legacy Logout endpoint with refresh_token as an argument and client authentication needed. SeelogoutToken()
for more details- Returns:
- response
-
logoutConfirmAction
@Path("/logout-confirm") @POST @Consumes("application/x-www-form-urlencoded") public jakarta.ws.rs.core.Response logoutConfirmAction() -
logoutConfirmGet
@Path("/logout-confirm") @GET public jakarta.ws.rs.core.Response logoutConfirmGet() -
backchannelLogout
@Path("/backchannel-logout") @POST @Consumes("application/x-www-form-urlencoded") public jakarta.ws.rs.core.Response backchannelLogout()Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken. Logout a session via a non-browser invocation. Will be implemented as a backchannel logout based on the specification https://openid.net/specs/openid-connect-backchannel-1_0.html- Returns:
-