[KEYCLOAK-10752] - Passing id_token_hint when login out

2021-02-04 11:05:11 -03:00 · 2021-02-04 11:05:11 -03:00 · 1434695616
commit 1434695616
parent 456cdc51f2
1 changed files with 8 additions and 2 deletions
--- a/adapters/oidc/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java
+++ b/adapters/oidc/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java
@ -197,7 +197,7 @@ public class KeycloakInstalled {
        CallbackListener callback = new CallbackListener();
        callback.start();

-        String redirectUri = String.format("http://%s:%s", getListenHostname(), callback.getLocalPort());
+        String redirectUri = getRedirectUri(callback);
        String state = UUID.randomUUID().toString();
        Pkce pkce = deployment.isPkce() ? generatePkce() : null;

@ -257,10 +257,12 @@ public class KeycloakInstalled {
        CallbackListener callback = new CallbackListener();
        callback.start();

-        String redirectUri = String.format("http://%s:%s", getListenHostname(), callback.getLocalPort());
+        String redirectUri = getRedirectUri(callback);

+        // pass the id_token_hint so that sessions is invalidated for this particular session
        String logoutUrl = deployment.getLogoutUrl().clone()
                .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
+                .queryParam("id_token_hint", idTokenString)
                .build().toString();

        Desktop.getDesktop().browse(new URI(logoutUrl));
@ -273,6 +275,10 @@ public class KeycloakInstalled {
        }
    }

+    private String getRedirectUri(CallbackListener callback) {
+        return String.format("http://%s:%s", getListenHostname(), callback.getLocalPort());
+    }
+
    public void loginManual() throws IOException, ServerRequest.HttpFailure, VerificationException {
        loginManual(System.out, new InputStreamReader(System.in));
    }