Missing ID_TOKEN_HINT at logout, what are my alternatives?

I’m looking for advice regarding the logout process in keycloak 18 and wondering if someone could help me out.

The user connects to an OpenID client and logs in normally in keycloak.
The client in question can’t store any user info, limitations of the clients openid connect integration.
The user initiates the logout process from the client.
The client logs out the user localy then redirects to the idp logout page.

Here’s my question:
The logout page requires the ID_TOKEN_HINT to be provided to skip the logout-confirm page.
If i don’t have the initial user ID_TOKEN from the time the user logged in, what are my alternatives?
Can i use an ID_TOKEN from a service-account id/secret login and provide that one instead? (tested and it worked)
Can i somehow get a new user ID_TOKEN without the use of the user username/password?
I created an endpoint, can i somehow generate a new ID_TOKEN from keycloak objects in java?

Thank you!

1 Like


Have you been able to find a way to resolve your problem without the ID_TOKEN_HINT? Even though I have the token, the consent still appears and will not work as described in the documentation.