RP-initiated logout - what id token to use as id_token_hint?

I can’t get Keycloak to log out in the new version with a post-logout URL. Keycloak tells me “Invalid parameter: id_token_hint” regardless of whether I pass no token, the access_token (Bearer token in my case) or the refresh token. Can you tell me what kind of token I need there? The documentation is a bit unclear about that. As far as I understood it, I just need to pass the access token I got from Keycloak with the auth token, but it didn’t work.

Found the solution: one needs to do the authorization request with scope=“openid”. Then Keycloak returns an id_token alongside the access and refresh tokens from the token endpoint.
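
As an added example (not part of the thread and not Keycloak's own code): a Python sketch that checks a token-endpoint response for an ID token before building the RP-initiated logout URL. The host, realm, redirect URI and sample tokens are constructed, and the `typ` check assumes Keycloak's convention of marking ID tokens with `typ: ID`.

```python
import base64
import json
from urllib.parse import urlencode

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def pick_id_token(token_response):
    """Return the id_token from a token-endpoint response, or say why it is unusable."""
    id_token = token_response.get("id_token")
    if id_token is None:
        raise ValueError("no id_token: request scope=openid in the authorization request")
    typ = jwt_claims(id_token).get("typ")
    if typ != "ID":  # assumption: Keycloak sets typ=ID on ID tokens, Bearer on access tokens
        raise ValueError(f"token has typ={typ!r}; id_token_hint needs the ID token")
    return id_token

def logout_url(base, realm, token_response, post_logout_redirect_uri):
    """Build the RP-initiated logout URL carrying id_token_hint."""
    params = {"id_token_hint": pick_id_token(token_response),
              "post_logout_redirect_uri": post_logout_redirect_uri}
    return f"{base}/realms/{realm}/protocol/openid-connect/logout?{urlencode(params)}"

def sample_jwt(claims):
    """Constructed, unsigned sample token for this demo; not a real Keycloak token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed token-endpoint responses: with and without scope=openid
WITHOUT_OPENID = {"access_token": sample_jwt({"typ": "Bearer", "sub": "u1"}),
                  "refresh_token": sample_jwt({"typ": "Refresh", "sub": "u1"})}
WITH_OPENID = dict(WITHOUT_OPENID, id_token=sample_jwt({"typ": "ID", "sub": "u1"}))

if __name__ == "__main__":
    base, realm, back = "https://sso.example.test", "demo", "https://app.example.test/bye"
    print(logout_url(base, realm, WITH_OPENID, back))
    # The two mistakes from the question: no id_token at all, and an access token as the hint
    for bad in (WITHOUT_OPENID, {"id_token": WITHOUT_OPENID["access_token"]}):
        try:
            logout_url(base, realm, bad, back)
        except ValueError as err:
            print("rejected:", err)
```
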

I don’t think adding scope=openid works on Keycloak 18. I have no idea how to get the id_token on that version.

Adding the parameter below when starting Keycloak worked for me:
“--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true”
I am using Keycloak 19 (Quarkus).