-1

I am facing a problem: I don't know how to end the session for a user. I already use this one: https://{server}/auth/realms/{Realm}/protocol/openid-connect/logout?id_token_hint={token}&post_logout_redirect_uri={URI TO REDIRECT}

I am also using the RealmResource:

        import org.keycloak.admin.client.Keycloak;
        import org.keycloak.admin.client.resource.RealmResource;

        // admin client: server URL, realm to log in to, admin username/password, client ID
        Keycloak keycloak = Keycloak.getInstance(
                "serverURL",
                "realm",
                "username",
                "pass",
                "");

        RealmResource realmResource = keycloak.realm("realm");

        // ---> here I receive an error that the method is not allowed
        realmResource.deleteSession(sessionId);
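As an added example (not code from the question or from Keycloak's own documentation), this is how the same admin REST API can be driven from keycloak-admin-client to end a user's sessions: either all of them at once (the admin endpoint behind UserResource.logout()) or only the sessions that involve one client, found by listing the user's sessions and deleting each by ID. The server URL, realm names, admin credentials, username and client ID are placeholders; the admin user is assumed to live in the master realm and to log in through the stock admin-cli client, and the /auth prefix is assumed for a legacy-style deployment. Depending on the admin-client version, deleteSession(String) may be marked deprecated in favour of an overload that also takes an offline flag.

```java
import java.util.List;

import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;

/**
 * Ends Keycloak sessions through the admin REST API (keycloak-admin-client).
 * Server URL, realm names, admin credentials and usernames below are placeholders (assumptions).
 */
public class SessionTerminator {

    // Assumption: admin user in the "master" realm, logging in via the stock "admin-cli" public client
    private static final String SERVER_URL = "https://keycloak.example.com/auth";
    private static final String ADMIN_REALM = "master";
    private static final String TARGET_REALM = "realm";

    private final Keycloak keycloak;

    public SessionTerminator(String adminUser, String adminPassword) {
        this.keycloak = Keycloak.getInstance(SERVER_URL, ADMIN_REALM, adminUser, adminPassword, "admin-cli");
    }

    /** Looks up a user by exact username; search() also matches substrings, so the result is filtered. */
    UserResource findUser(String username) {
        RealmResource realm = keycloak.realm(TARGET_REALM);
        List<UserRepresentation> hits = realm.users().search(username);
        for (UserRepresentation u : hits) {
            if (username.equalsIgnoreCase(u.getUsername())) {
                return realm.users().get(u.getId());
            }
        }
        throw new IllegalArgumentException("no user named " + username + " in realm " + TARGET_REALM);
    }

    /** Invalidates every session of the user (admin API: POST .../users/{id}/logout). */
    void logoutAllSessions(String username) {
        findUser(username).logout();
    }

    /** Deletes only the sessions in which the given client took part, leaving the user's other sessions alive. */
    int deleteSessionsForClient(String username, String clientId) {
        RealmResource realm = keycloak.realm(TARGET_REALM);
        int deleted = 0;
        for (UserSessionRepresentation s : findUser(username).getUserSessions()) {
            // getClients() maps client UUID -> clientId for the clients that participated in this session
            if (s.getClients() != null && s.getClients().containsValue(clientId)) {
                realm.deleteSession(s.getId());   // admin API: DELETE .../sessions/{session}
                deleted++;
            }
        }
        return deleted;
    }

    public static void main(String[] args) {
        SessionTerminator t = new SessionTerminator("admin", "admin-password");   // placeholder credentials
        System.out.println("deleted " + t.deleteSessionsForClient("alice", "my-app") + " session(s)");
        t.logoutAllSessions("alice");
        t.keycloak.close();
    }
}
```

The admin account used here needs the manage-users role (or realm-admin) in the target realm; deleting sessions this way ends the SSO session on the server but does not revoke already-issued access tokens, which remain valid until they expire.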


2 Answers

0

Your description doesn't contain many details, but let me present another way to deal with logout, the Spring way.

PS: I will assume that you know how to inject the additional dependencies needed for this solution to compile and run.

Why don't you use a well-known implementation of ServerLogoutSuccessHandler to log out from Keycloak and remove the user session?

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.web.server.ServerHttpSecurity;
    import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
    import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
    import org.springframework.security.web.server.SecurityWebFilterChain;
    import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;

    @Configuration
    public class SecurityConfig {

        private final ReactiveClientRegistrationRepository clientRegistrationRepository;

        public SecurityConfig(ReactiveClientRegistrationRepository clientRegistrationRepository) {
            this.clientRegistrationRepository = clientRegistrationRepository;
        }

        @Bean
        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
            // POST /logout clears the local session; the success handler then redirects the browser to Keycloak's end-session endpoint
            http.logout()
                    .logoutUrl("/logout")
                    .logoutSuccessHandler(oidcLogoutSuccessHandler());
            return http.build();
        }

        @Bean
        public ServerLogoutSuccessHandler oidcLogoutSuccessHandler() {
            OidcClientInitiatedServerLogoutSuccessHandler successHandler =
                    new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository);
            // "{baseUrl}" is expanded to the application's own URL; Keycloak must allow it as a post-logout redirect URI
            successHandler.setPostLogoutRedirectUri("{baseUrl}");
            return successHandler;
        }
    }
  • The official docs for this can be found at https://docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html#oauth2login-advanced-oidc-logout – Wim Deblauwe Sep 15 '22 at 08:27
  • @Adam, I did the same thing you suggested, but when I try to log out it gives an "Invalid Redirect Uri" error. – user3692033 Mar 08 '23 at 08:47
0

Another way is to use the Keycloak API directly:

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

@Operation(summary = "User logout", security = @SecurityRequirement(name = "bearerAuth"))
@GetMapping(value = "/logout/{refresh_token}", produces = MediaType.APPLICATION_JSON_VALUE)
public void logout(@PathVariable("refresh_token") String refreshToken) {
    // Note: a token carried in the URL path is written to server and proxy access logs
    // Keycloak's logout endpoint takes the client credentials plus the refresh token of the session to end
    MultiValueMap<String, String> requestParams = new LinkedMultiValueMap<>();
    requestParams.add("client_id", this.clientId);
    requestParams.add("client_secret", this.clientSecret);
    requestParams.add("refresh_token", refreshToken);

    logoutUserSession(requestParams);
}

private void logoutUserSession(MultiValueMap<String, String> requestParams) {
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

    HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(requestParams, headers);
    String url = String.format("%s/realms/%s/protocol/openid-connect/logout", this.authServerUrl, this.realm);

    restTemplate.postForEntity(url, request, Object.class);
    // got response 204, no content
}
– Yonchev
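As an added example (not code from either answer or from Keycloak), the two logout requests the thread discusses, built without Spring so the wire format is visible: the front-channel URL from the question, with id_token_hint and post_logout_redirect_uri percent-encoded rather than pasted in, and the back-channel POST from the second answer, checking for the 204 the answer mentions and surfacing Keycloak's error body otherwise. The issuer URL, client ID, secret, token values and redirect URI are placeholders; the post-logout redirect URI is assumed to be registered on the client in Keycloak, since an unregistered one is what produces the "Invalid Redirect Uri" error from the comment above. The Java 11 HttpClient is used in place of RestTemplate.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

/** Builds Keycloak's front-channel logout URL and performs the back-channel logout POST. All values are placeholders. */
public class KeycloakLogout {

    private final String issuer;   // assumption: https://{server}/auth/realms/{Realm}

    public KeycloakLogout(String issuer) {
        this.issuer = issuer;
    }

    /** application/x-www-form-urlencoded encoding, used for both the query string and the POST body. */
    static String formEncode(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    /** Front-channel (RP-initiated) logout: redirect the browser here; Keycloak ends the SSO session and sends it back. */
    String frontChannelLogoutUrl(String idToken, String postLogoutRedirectUri) {
        Map<String, String> q = new LinkedHashMap<>();
        q.put("id_token_hint", idToken);
        q.put("post_logout_redirect_uri", postLogoutRedirectUri);   // must be allowed on the client in Keycloak
        return issuer + "/protocol/openid-connect/logout?" + formEncode(q);
    }

    /** Back-channel logout: the server revokes the session behind the refresh token; 204 No Content means done. */
    void backChannelLogout(String clientId, String clientSecret, String refreshToken)
            throws IOException, InterruptedException {
        Map<String, String> form = new LinkedHashMap<>();
        form.put("client_id", clientId);
        form.put("client_secret", clientSecret);   // omit for a public client
        form.put("refresh_token", refreshToken);

        HttpRequest req = HttpRequest.newBuilder(URI.create(issuer + "/protocol/openid-connect/logout"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formEncode(form)))
                .build();
        HttpResponse<String> resp = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 204) {
            // Keycloak answers 400 with a JSON error (e.g. invalid_grant) when the token is expired or already revoked
            throw new IOException("logout failed: HTTP " + resp.statusCode() + " " + resp.body());
        }
    }

    public static void main(String[] args) throws Exception {
        KeycloakLogout kc = new KeycloakLogout("https://keycloak.example.com/auth/realms/demo");   // placeholder
        // placeholder ID token and redirect URI; note the encoded "?" and "=" in the output
        System.out.println(kc.frontChannelLogoutUrl("eyJ.placeholder.idtoken", "https://app.example.com/?loggedout=1"));
        if (args.length == 3) {
            kc.backChannelLogout(args[0], args[1], args[2]);   // client_id client_secret refresh_token
        }
    }
}
```

Run it with no arguments to see the encoded front-channel URL; pass client_id, client_secret and a refresh token to perform the back-channel logout against the placeholder issuer. The two calls end different things: the back-channel POST only revokes the session tied to that refresh token, while the front-channel redirect also clears the browser's SSO cookie, which is why a server-side logout alone can leave the user still signed in to other clients of the realm.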