How is logout really working and can we bypass the logout-confirm page?

I’m trying to get a grasp on how to logout from a java adapter. Currently what I do is to call the endpoint https://localhost:8444/realms/test/protocol/openid-connect/logout and then I get a logout confirmation page.
First question: how can I bypass that? to not be shown and go directly to the logout page?
In my setup I have a client with minimal setup, that all the information are loaded in the application from the well-known endpoint (so no java deployment and I will want to not change that).

— Next part is more fore understanding purpose & hopefully to clarify some stuff for others too—
Secondly when it comes to the documentation I didn’t find very good examples of how to do the frontend logout or backend logout? (I suppose the backend logout makes sense when you write the Java adapter and call the Keycloak class with the logout function. Right?)
And frontend logout is something that you probably have in a React/Angular application as js adapter?

So if that is the case, none of this solutions will fit my use case to just use the openid-connect and not extend the application, right?

Hello,

Keycloak recently changed the logout behavior as documented in this blog post on Keycloak 18.0.0.

You now have to provide additonal URL parameters when you invoke the endsession endpoint:
https://www.keycloak.org/docs/latest/server_admin/#_oidc-logout

  • id_token_hint = idtoken received by your client
  • post_logout_redirect_uri = url where you want to go after logout

For example in some SPAs that use keycloak.js I provide the required URL parameters as follows:

        // workaround for changes with oidc logout in Keycloak 18.0.0
        // See https://www.keycloak.org/docs/latest/upgrading/index.html#openid-connect-logout
        keycloak.createLogoutUrl = function(options) {
            return keycloak.endpoints.logout()
                + '?id_token_hint=' + keycloak.idToken
                + '&post_logout_redirect_uri=' + encodeURIComponent(window.location.href);
        }

Cheers,
Thomas

2 Likes

Thank you for the response. I’ve seen that, but in our case I’m not sure that it will work. We are using Pega and there you have just a configuration where you can put an URL, so the extra data like id_token_hint we cannot dynamically calculate (I think …or is there a way?).