Package org.keycloak.protocol.oidc.endpoints

Class LogoutEndpoint

java.lang.Object
org.keycloak.protocol.oidc.endpoints.LogoutEndpoint
public class LogoutEndpoint extends Object
Author:
Stian Thorgersen

  • Constructor Details

  • Method Details

    • issueUserInfoPreflight

      @Path("/") @OPTIONS public jakarta.ws.rs.core.Response issueUserInfoPreflight()

    • logout

      @GET public jakarta.ws.rs.core.Response logout(@QueryParam("redirect_uri") String deprecatedRedirectUri, @QueryParam("id_token_hint") String encodedIdToken, @QueryParam("client_id") String clientId, @QueryParam("post_logout_redirect_uri") String postLogoutRedirectUri, @QueryParam("state") String state, @QueryParam("ui_locales") String uiLocales, @QueryParam("initiating_idp") String initiatingIdp)
      Logout user session. User must be logged in via a session cookie. When the logout is initiated by a remote idp, the parameter "initiating_idp" can be supplied. This param will prevent upstream logout (since the logout procedure has already been started in the remote idp). This endpoint is aligned with OpenID Connect RP-Initiated Logout specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout All parameters are optional. Some combinations of parameters are invalid as described in the specification
      Parameters:
      deprecatedRedirectUri - Parameter "redirect_uri" is not supported by the specification. It is here just for the backwards compatibility
      encodedIdToken - Parameter "id_token_hint" as described in the specification.
      clientId - Parameter "client_id" as described in the specification.
      postLogoutRedirectUri - Parameter "post_logout_redirect_uri" as described in the specification with the URL to redirect after logout.
      state - Parameter "state" as described in the specification. Will be used to send "state" when redirecting back to the application after the logout
      uiLocales - Parameter "ui_locales" as described in the specification. Can be used by the client to display pages in specified locale (if any pages are going to be displayed to the user during logout)
      initiatingIdp - The alias of the idp initiating the logout.
      Returns:

    • logout

      @POST @Consumes("application/x-www-form-urlencoded") public jakarta.ws.rs.core.Response logout()
      This endpoint can be used either as: - OpenID Connect RP-Initiated Logout POST endpoint according to the specification https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout - Legacy Logout endpoint with refresh_token as an argument and client authentication needed. See logoutToken() for more details
      Returns:
      response

    • logoutConfirmAction

      @Path("/logout-confirm") @POST @Consumes("application/x-www-form-urlencoded") public jakarta.ws.rs.core.Response logoutConfirmAction()

    • logoutConfirmGet

      @Path("/logout-confirm") @GET public jakarta.ws.rs.core.Response logoutConfirmGet()

    • backchannelLogout

      @Path("/backchannel-logout") @POST @Consumes("application/x-www-form-urlencoded") public jakarta.ws.rs.core.Response backchannelLogout()
      Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken. Logout a session via a non-browser invocation. Will be implemented as a backchannel logout based on the specification https://openid.net/specs/openid-connect-backchannel-1_0.html
      Returns: