Package org.keycloak.protocol.oidc.endpoints

Class LogoutEndpoint

java.lang.Object

org.keycloak.protocol.oidc.endpoints.LogoutEndpoint

public class LogoutEndpoint
extends Object

Author:

Stian Thorgersen

Constructor Summary

Constructors

Constructor	Description
LogoutEndpoint(TokenManager tokenManager, org.keycloak.models.RealmModel realm, org.keycloak.events.EventBuilder event)

Method Summary

Modifier and Type	Method	Description
javax.ws.rs.core.Response	backchannelLogout()	Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken.
javax.ws.rs.core.Response	issueUserInfoPreflight()
javax.ws.rs.core.Response	logout(String redirectUri, String encodedIdToken, String postLogoutRedirectUri, String state, String initiatingIdp)	Logout user session.
javax.ws.rs.core.Response	logoutToken()	Logout a session via a non-browser invocation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LogoutEndpoint

public LogoutEndpoint(TokenManager tokenManager,
                      org.keycloak.models.RealmModel realm,
                      org.keycloak.events.EventBuilder event)

Method Detail

issueUserInfoPreflight

@Path("/")
@OPTIONS
public javax.ws.rs.core.Response issueUserInfoPreflight()

logout

@GET
public javax.ws.rs.core.Response logout(@QueryParam("redirect_uri")
                                        String redirectUri,
                                        @QueryParam("id_token_hint")
                                        String encodedIdToken,
                                        @QueryParam("post_logout_redirect_uri")
                                        String postLogoutRedirectUri,
                                        @QueryParam("state")
                                        String state,
                                        @QueryParam("initiating_idp")
                                        String initiatingIdp)

Logout user session. User must be logged in via a session cookie. When the logout is initiated by a remote idp, the parameter "initiating_idp" can be supplied. This param will prevent upstream logout (since the logout procedure has already been started in the remote idp).

Parameters:

redirectUri -

initiatingIdp - The alias of the idp initiating the logout.

Returns:

logoutToken

@POST
@Consumes("application/x-www-form-urlencoded")
public javax.ws.rs.core.Response logoutToken()

Logout a session via a non-browser invocation. Similar signature to refresh token except there is no grant_type. You must pass in the refresh token and authenticate the client if it is not public. If the client is a confidential client you must include the client-id and secret in an Basic Auth Authorization header. If the client is a public client, then you must include a "client_id" form parameter. returns 204 if successful, 400 if not with a json error response.

Returns:

backchannelLogout

@Path("/backchannel-logout")
@POST
@Consumes("application/x-www-form-urlencoded")
public javax.ws.rs.core.Response backchannelLogout()

Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken. Logout a session via a non-browser invocation. Will be implemented as a backchannel logout based on the specification https://openid.net/specs/openid-connect-backchannel-1_0.html

Returns: