Hi,
I am trying to auto revoke a user session after a certain amount of inactivity.
When I detect the user should be logged out,
I call the endpoint /protocol/openid-connect/revoke, then /protocol/openid-connect/logout
and it appears to work, however when the user tries and logs in (calling kecloak.login()), it seems they are already logged in and the user doesnt get prompted to enter their credentials again.
If I dont revoke the refresh token. the logout directs the user to a logout page which I dont want as the user can click back…
I discovered this endpoint from the keycloak logout page
/protocol/openid-connect/logout/logout-confirm?client_id=xxxx&tab_id=xxxx
along with this form input that goes with a logout button
<input type="hidden" name="session_code" value="zzzzz">
I am wondering if there is a way I can call this logout-confirm endpoint to skip the prompt screen?.. I however have worked out from a javascript web client perspecitive where I get the tab_id or session_code to invoke that endpoint…
Any suggestions / help / better ways to force a logout?
Thank you