I can’t get Keycloak to log out in the new version with a post-logout URL. Keycloak tells me “Invalid parameter: id_token_hint” regardless of whether I pass no token, the access_token (Bearer token in my case) or the refresh token. Can you tell me what kind of token I need there? The documentation is a bit unclear about that. As far as I understood it, I just need to pass the access token I got from Keycloak with the auth token, but it didn’t work.
Found the solution: one needs to do the authorization request with scope=“openid”. Then Keycloak returns an id_token alongside the access and refresh tokens from the token endpoint.
I don’t think adding scope=openid works on Keycloak 18. I have no idea how to get the id_token on that version.
Adding the parameter mentioned below while starting Keycloak worked for me:
“--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true”
I am using Keycloak version 19 (Quarkus).
Solved after 3 hours of being stuck on this problem.
Instead of looking for “id_token_hint”, you simply use “client_id”.
Tested on Keycloak version 25.04, on 15 Dec 2024.
The logout URL should be:
https://{my_keycloak_url}/realms/{my_realm_name}/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A//myapp_url&client_id={my_app_client_id_on_kk}
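
An added example, not part of any post in this thread: a small Python helper that builds the logout URL in both forms discussed above (id_token_hint or client_id) and rejects an access or refresh token before it is sent as id_token_hint. It relies on Keycloak marking ID tokens with the claim typ=ID (access tokens carry Bearer, refresh tokens Refresh); the function names, host names and sample tokens are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def logout_url(base_url, realm, redirect_uri, id_token=None, client_id=None):
    """Build the end-session URL using id_token_hint or, failing that, client_id."""
    params = {"post_logout_redirect_uri": redirect_uri}
    if id_token is not None:
        typ = jwt_claims(id_token).get("typ")
        if typ != "ID":  # access/refresh tokens cause "Invalid parameter: id_token_hint"
            raise ValueError(f"id_token_hint needs an ID token, got typ={typ!r}")
        params["id_token_hint"] = id_token
    elif client_id is not None:
        params["client_id"] = client_id
    else:
        raise ValueError("pass id_token or client_id")
    endpoint = f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/logout"
    return f"{endpoint}?{urlencode(params)}"  # urlencode percent-encodes the redirect URI


def sample_jwt(claims):
    """Constructed, unsigned token used only to exercise the helper."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    kc, realm, back = "https://kc.example", "demo", "https://myapp.example/after"
    print(logout_url(kc, realm, back, id_token=sample_jwt({"typ": "ID"})))
    print(logout_url(kc, realm, back, client_id="my-app"))
    try:
        logout_url(kc, realm, back, id_token=sample_jwt({"typ": "Bearer"}))
    except ValueError as err:
        print("rejected:", err)
```

The decode step skips signature verification on purpose; it is a local sanity check on which token is being passed, not a validation of the token.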