I have a web application (confidential client) that has a web route at /logout
that upon visiting, will 301
redirect the user to https://keycloak?post_logout_redirect_uri=...&id_token_hint=...
.
At which point the user gets a logout and redirects back to whatever I have passed in the redirect uri … long story short; it works fine.
I am just wondering if this is a Front or Back channel logout. I would suspect “front channel” because I communicate the logout requests between RP and OP via the User Agent… right?
Back-channel would be my backend just sending a HTTP request to the Keycloak directly, without any 301
redirection going on.
This is described in the spec, just asking for verification.