
I integrated keycloak with my Spring Boot application. I have an issue with logout. Right now I'm using

POST http://localhost:8080/auth/realms//protocol/openid-connect/logout
Authorization: Bearer
Content-Type: application/x-www-form-urlencoded

The issue is that this logout API only logs out one device. Consider: if I log in from more than one device and log out from one, my application on the other device is still logged in. Is there any way to make my application single-logout, so that if I log out from one device my account is logged out from all devices?


1 Answer


Looking at your question (no code examples given so far), I am assuming that you do allow multiple logins from different devices, and possibly you're looking for a more ethical answer. In that case, your solution should be based on token state.

Generally speaking, you cannot magically log out from all devices at once at the Keycloak level. For example, if you log in to Gmail from different devices, on a logout action you will not be logged out of all devices unless you explicitly have control in the application instructing logout from all devices.

You will need a token state check in your application which identifies whether you have a valid token state (possibly an additional SAML attribute in your SAML response). You can differentiate your POST requests as logout and logoutAll.

But you will still end up with stale application state on the other devices, as you have a third-party identity provider (Keycloak), until you perform some action which tries to validate your token and fails, and therefore logs you out based on the logoutAll request.
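The application-side token state the answer describes, as an added example that is not code from the question, the answer, Keycloak or Spring Boot. It is written in plain Python rather than as a Spring filter so the logic can be run as-is; the `/logout` and `/logoutAll` paths, the `TokenStateStore` class and the token claims are all assumptions constructed for the example. The store keeps two things: a revocation list keyed by the token's `jti` (single-device logout) and a per-user "not before" timestamp (logout-all) that rejects every token for that user issued at or before the moment of the logout-all request. The JWT signature, issuer and audience are assumed to have been verified already by whatever library your application uses; this check runs after that on every request, which is exactly why the other devices only notice on their next call.

```python
"""Application-side token state: single logout vs. logout-all.

Added example; not the question's, the answer's, or Keycloak's code.
`claims` dicts stand in for already signature-verified JWT claims.
"""


class TokenStateStore:
    """Hypothetical server-side record of which tokens the app still accepts."""

    def __init__(self):
        self._revoked = {}      # jti -> exp, kept so stale entries can be pruned
        self._not_before = {}   # sub -> timestamp; tokens issued at/before it are dead

    def is_valid(self, claims, now):
        """Extra validation step run on every request, after signature checks."""
        if claims["exp"] <= now:                      # standard expiry check
            return False
        if claims["jti"] in self._revoked:            # this one device logged out
            return False
        cutoff = self._not_before.get(claims["sub"])
        # `<=` rather than `<`: a token minted in the same second as the
        # logout-all request is rejected too, erring on the side of logout.
        if cutoff is not None and claims["iat"] <= cutoff:
            return False
        return True

    def logout(self, claims):
        """Single-device logout: only this token stops working."""
        self._revoked[claims["jti"]] = claims["exp"]

    def logout_all(self, claims, now):
        """Logout everywhere: every token for this user issued so far is rejected
        the next time any device presents it (until then that device is stale)."""
        self._not_before[claims["sub"]] = now

    def prune(self, now):
        """Drop revocation entries whose token has expired anyway; returns count."""
        before = len(self._revoked)
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}
        return before - len(self._revoked)


def handle_logout(store, path, claims, now):
    """Dispatch the two POST endpoints the answer suggests (paths are assumed)."""
    if path == "/logout":
        store.logout(claims)
    elif path == "/logoutAll":
        store.logout_all(claims, now)
    else:
        raise ValueError(f"unknown logout endpoint: {path}")
    return 204


def demo():
    """Walk through the multi-device scenario from the question with constructed tokens."""
    store = TokenStateStore()
    phone = {"sub": "alice", "jti": "t-phone", "iat": 1000, "exp": 4600}
    laptop = {"sub": "alice", "jti": "t-laptop", "iat": 1100, "exp": 4700}
    bob = {"sub": "bob", "jti": "t-bob", "iat": 1050, "exp": 4650}
    now = 2000

    def snapshot():
        return {c["jti"]: store.is_valid(c, now) for c in (phone, laptop, bob)}

    results = {"before": snapshot()}
    handle_logout(store, "/logout", phone, now)        # phone logs out: laptop stays in
    results["after_logout"] = snapshot()
    handle_logout(store, "/logoutAll", laptop, now)    # laptop logs out everywhere
    results["after_logout_all"] = snapshot()           # bob is unaffected
    fresh = {"sub": "alice", "jti": "t-fresh", "iat": 2001, "exp": 5601}
    results["fresh_token"] = store.is_valid(fresh, now + 1)  # a new login works again
    results["pruned"] = store.prune(4650)              # t-phone (exp 4600) is dropped
    return results


if __name__ == "__main__":
    print(demo())
```

In a Spring Boot application this check would sit in a filter or interceptor in front of the Keycloak-validated principal, backed by a shared store (a database or cache) rather than an in-memory dict, since the other devices hit whichever instance the load balancer picks. The not-before map should be keyed on the subject, not the session, so it covers tokens the application never saw.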