- I get an offline token in a confidential client app by sending a request to /openid-connect/token using authorization_code (scope=openid offline_access). In the Keycloak admin console, in the Offline Access tab, I can see the created offline token for the user that I used to log in. (Offline Tokens: 1)
- Then I log out the user by calling /openid-connect/logout, sending the offline token from 1. as a parameter. In the Keycloak admin console, in the Offline Access tab, I can see that the offline token for the user that I used to log in was removed. (Offline Tokens: 0)
- Then I try to get an access token with the offline token that I used to log out. I get the following response: Offline user session not found.

I would expect that, despite a logout, the application can still use an offline token to obtain a new access token.
As it is described in Offline Access | keycloak-documentation: “The application can save this offline token in a database or on disk and can use it later even if user is logged out”.
My user has the role mapping for the offline_access role. The client also has that role in its scope.
Am I doing something wrong?