Backchannel logout via admin panel


In my case when “Service A” requests access token with
(AND according to comments from
with client_session_state=… and client_session_host=…) keycloak doesn’t do ‘k_logout’ backchannel request, printing ‘Cant logout {0}: no logged adapter sessions’ to debug output.

I think the problem exists because keycloak doesn’t support such usage for client_credentials grant, only for authorization_code (some research of keycloak server source code). Is there any way to use backchannel logout for this use case?

Resource server represented by spring boot application with appropriate keycloak adapter


Keycloak doesn’t support a backchannel logout as mentioned in the specs. The only thing is the “k_logout” via the admin URL, which you already discovered, but this doesn’t work for client auth.

Backchannel logout is on the roadmap - …somewhere.


Thanks for answer. I think you mentioned this feature request , unfortunately it is really “somewhere” and “sometime”. Subscribed and voted just in case

So at the current time, KC backchannel logout is not available right?

According to, OIDC backchannel logout should come with KC 12.x (but no guarantees).

Thanks a lot for your response.

Hope they get this working in the next version, we need it a lot.!

12.0.2 already supports back-channel logout url config in kc console