From d98c37549559d7c65a3d26526d749b92676e54c7 Mon Sep 17 00:00:00 2001
From: sebastien blanc <scm.blanc@gmail.com>
Date: Wed, 2 Nov 2016 11:39:37 +0100
Subject: [PATCH] KEYCLOAK-3514 : Don't call logout for bearer-only client

---
 .../adapters/undertow/AbstractUndertowKeycloakAuthMech.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
index e65d9226f0..2398c95c83 100755
--- a/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
+++ b/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/AbstractUndertowKeycloakAuthMech.java
@@ -92,7 +92,7 @@ public abstract class AbstractUndertowKeycloakAuthMech implements Authentication
                 UndertowHttpFacade facade = createFacade(exchange);
                 KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
                 KeycloakSecurityContext ksc = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
-                if (ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
+                if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
                     ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
                 }
                 AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);