Logging out with OIDC, post_redirect_uri and client_id

Hi everyone,

I have KeyCloak operating as an identity provider for my web-based application via OIDC. Currently I’m struggling with configuring logging out from the system. Here is my scenario:

  1. User clicks “Log out” button in the browser
  2. The browser opens https://keycloak.example.com//realms/myrealm/protocol/openid-connect/logout?post_logout_redirect_uri=https://myapp.example.com&client_id=myclient
  3. User is redirected to the main page of my app after successful logout

Currently, when a user clicks “Log Out”, the keycloak logout page opens and then user is redirected to the main page without any confirmation. The lack of confirmation is undesired, however it’s not the critical issue. The real problem is that user session doesn’t disappear in the keycloak administration console (myrealm → users → myuser → sessions).

It also seems strange to me that if a user opens the keycloak logout page without parameters (i.e. without post_logout_redirect_uri and client_id) then there is a confirmation form and the user session is destroyed after the user logs out.

Logout has changed after version 18.

It should now include id_token_hint, with the access_token to avoid the confirmation screen and to really log out the user. id_token_hint=(...)&post_logout_redirect_uri=(...).
Try first with this and see if the session gets destroyed. Your problem is quite strange, let’s hope it’s just because you lack this hint (but the official should be to show the confirmation screen if something is missing…).

Then, in a second time, for always showing the confirmation logout you can read and track this proposition, with a client having a ‘confirm’ mode enabled but only in logout screen (else it will also be on login).
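
An added example, not part of any post in this thread: building the logout URL for the endpoint quoted in the question, with `id_token_hint` set to the ID token issued at login, which is what OpenID Connect RP-Initiated Logout defines for that parameter. The function names, the sample tokens and the `typ` check (it assumes Keycloak marks ID tokens with `typ: "ID"` and access tokens with `typ: "Bearer"`) are assumptions of this example.

```javascript
// Added example; names and sample values are constructed, not from the thread.

// Decode a JWT payload WITHOUT verifying the signature. Used only as a sanity
// check on the token type before sending it, never for a trust decision.
function jwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Build the logout URL for the endpoint path quoted in the question.
function buildLogoutUrl({ baseUrl, realm, idToken, postLogoutRedirectUri, state }) {
  const payload = jwtPayload(idToken);
  // Assumption: Keycloak sets typ "ID" on ID tokens and "Bearer" on access tokens.
  if (payload.typ !== "ID") {
    throw new Error(`id_token_hint must be an ID token, got typ=${payload.typ}`);
  }
  // Trim trailing slashes so the path never starts with "//realms".
  const root = baseUrl.replace(/\/+$/, "");
  const url = new URL(
    `${root}/realms/${encodeURIComponent(realm)}/protocol/openid-connect/logout`
  );
  // searchParams percent-encodes the redirect URI and the token.
  url.searchParams.set("id_token_hint", idToken);
  url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  if (state) url.searchParams.set("state", state);
  return url.toString();
}

// Constructed, unsigned sample tokens for the demonstration.
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
const SAMPLE_ID_TOKEN = fakeJwt({ typ: "ID", aud: "myclient", sub: "u1" });
const SAMPLE_ACCESS_TOKEN = fakeJwt({ typ: "Bearer", azp: "myclient", sub: "u1" });
```

The redirect target still has to match the post-logout redirect URIs configured for the client in Keycloak.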

After struggling with this too, I wanted to leave this StackOverflow answer that solved my problem: