org.keycloak.protocol.oidc.endpoints

Class LogoutEndpoint

java.lang.Object

org.keycloak.protocol.oidc.endpoints.LogoutEndpoint

public class LogoutEndpoint
extends Object

Author:

Stian Thorgersen

Field Summary

Fields

Modifier and Type	Field and Description
protected static org.jboss.logging.Logger	logger

Constructor Summary

Constructors

Constructor and Description
LogoutEndpoint(TokenManager tokenManager, AuthenticationManager authManager, RealmModel realm, EventBuilder event)

Method Summary

Methods

Modifier and Type	Method and Description
javax.ws.rs.core.Response	logout(String redirectUri, String encodedIdToken, String postLogoutRedirectUri, String state) Logout user session.
javax.ws.rs.core.Response	logoutToken(String authorizationHeader, javax.ws.rs.core.MultivaluedMap<String,String> form) Logout a session via a non-browser invocation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static org.jboss.logging.Logger logger

Constructor Detail

LogoutEndpoint

public LogoutEndpoint(TokenManager tokenManager,
              AuthenticationManager authManager,
              RealmModel realm,
              EventBuilder event)

Method Detail

logout

@GET
public javax.ws.rs.core.Response logout(@QueryParam(value="redirect_uri")
                                   String redirectUri,
                                   @QueryParam(value="id_token_hint")
                                   String encodedIdToken,
                                   @QueryParam(value="post_logout_redirect_uri")
                                   String postLogoutRedirectUri,
                                   @QueryParam(value="state")
                                   String state)

Logout user session. User must be logged in via a session cookie.

Parameters:

redirectUri -

Returns:

logoutToken

@POST
@Consumes(value="application/x-www-form-urlencoded")
public javax.ws.rs.core.Response logoutToken(@HeaderParam(value="Authorization")
                                                  String authorizationHeader,
                                                  javax.ws.rs.core.MultivaluedMap<String,String> form)

Logout a session via a non-browser invocation. Similar signature to refresh token except there is no grant_type. You must pass in the refresh token and authenticate the client if it is not public. If the client is a confidential client you must include the client-id (application name or oauth client name) and secret in an Basic Auth Authorization header. If the client is a public client, then you must include a "client_id" form parameter with the app's or oauth client's name. returns 204 if successful, 400 if not with a json error response.

Parameters:

authorizationHeader -

form -

Returns: