How is logout really working and can we bypass the logout-confirm page?

thomasdarimont · May 17, 2022, 2:02pm

Hello,

Keycloak recently changed the logout behavior as documented in this blog post on Keycloak 18.0.0.

You now have to provide additonal URL parameters when you invoke the endsession endpoint:
https://www.keycloak.org/docs/latest/server_admin/#_oidc-logout

id_token_hint = idtoken received by your client
post_logout_redirect_uri = url where you want to go after logout

For example in some SPAs that use keycloak.js I provide the required URL parameters as follows:

        // workaround for changes with oidc logout in Keycloak 18.0.0
        // See https://www.keycloak.org/docs/latest/upgrading/index.html#openid-connect-logout
        keycloak.createLogoutUrl = function(options) {
            return keycloak.endpoints.logout()
                + '?id_token_hint=' + keycloak.idToken
                + '&post_logout_redirect_uri=' + encodeURIComponent(window.location.href);
        }

Cheers,
Thomas

Topic		Replies	Views
Logging out with OIDC, post_redirect_uri and client_id Configuring the server	2	29401	March 5, 2024
Identity broker logout request send to external identity provider don't contain id_token_hint Configuring the server identity-brokering , oidc	1	780	February 23, 2024
Keycloak 18 + React logout issue Getting advice authentication , oidc	15	6813	March 23, 2023
RP-initiated logout - what id token to use as id_token_hint? Getting advice	4	11390	December 15, 2024
Keycloak js doesn`t logout user from external open id provider Getting advice	7	7255	July 15, 2021

How is logout really working and can we bypass the logout-confirm page?

Related topics