Class LogoutEndpoint


public class LogoutEndpoint extends Object
Stian Thorgersen
  • Constructor Details

  • Method Details

    • issueUserInfoPreflight

      @Path("/") @OPTIONS public issueUserInfoPreflight()
    • logout

      @GET public logout(@QueryParam("redirect_uri") String deprecatedRedirectUri, @QueryParam("id_token_hint") String encodedIdToken, @QueryParam("client_id") String clientId, @QueryParam("post_logout_redirect_uri") String postLogoutRedirectUri, @QueryParam("state") String state, @QueryParam("ui_locales") String uiLocales, @QueryParam("initiating_idp") String initiatingIdp)
      Logout user session. User must be logged in via a session cookie. When the logout is initiated by a remote idp, the parameter "initiating_idp" can be supplied. This param will prevent upstream logout (since the logout procedure has already been started in the remote idp). This endpoint is aligned with OpenID Connect RP-Initiated Logout specification All parameters are optional. Some combinations of parameters are invalid as described in the specification
      deprecatedRedirectUri - Parameter "redirect_uri" is not supported by the specification. It is here just for the backwards compatibility
      encodedIdToken - Parameter "id_token_hint" as described in the specification.
      clientId - Parameter "client_id" as described in the specification.
      postLogoutRedirectUri - Parameter "post_logout_redirect_uri" as described in the specification with the URL to redirect after logout.
      state - Parameter "state" as described in the specification. Will be used to send "state" when redirecting back to the application after the logout
      uiLocales - Parameter "ui_locales" as described in the specification. Can be used by the client to display pages in specified locale (if any pages are going to be displayed to the user during logout)
      initiatingIdp - The alias of the idp initiating the logout.
    • logout

      @POST @Consumes("application/x-www-form-urlencoded") public logout()
      This endpoint can be used either as: - OpenID Connect RP-Initiated Logout POST endpoint according to the specification - Legacy Logout endpoint with refresh_token as an argument and client authentication needed. See logoutToken() for more details
    • logoutConfirmAction

      @Path("/logout-confirm") @POST @Consumes("application/x-www-form-urlencoded") public logoutConfirmAction()
    • logoutConfirmGet

      @Path("/logout-confirm") @GET public logoutConfirmGet()
    • backchannelLogout

      @Path("/backchannel-logout") @POST @Consumes("application/x-www-form-urlencoded") public backchannelLogout()
      Backchannel logout endpoint implementation for Keycloak, which tries to logout the user from all sessions via POST with a valid LogoutToken. Logout a session via a non-browser invocation. Will be implemented as a backchannel logout based on the specification