AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

Logout with keycloak #915

Closed oravagamer closed 1 year ago

oravagamer commented 1 year ago

How to log out and get redirected? When it logs out it redirects me to Keycloak and I get a 400 error: session not active.

guillaume-chervet commented 1 year ago

Hi @oravagamer, I will give it a try. It may be a new error since I have added token invalidation before logout.

guillaume-chervet commented 1 year ago

Hi @oravagamer, which configuration did you set up?

```js
// Import needed for the TokenRenewMode value used below.
import { TokenRenewMode } from '@axa-fr/react-oidc';

export const configurationIdentityServer = {
    client_id: 'demo',
    redirect_uri: window.location.origin + '/authentication/callback',
    silent_redirect_uri: window.location.origin + '/authentication/silent-callback',
    // silent_login_uri: window.location.origin + '/authentication/silent-login',
    scope: 'profile email openid',
    authority: 'http://localhost:8081/realms/master',
    // authority_time_cache_wellknowurl_in_second: 60* 60,
    refresh_time_before_tokens_expiration_in_second: 40,
    // service_worker_relative_url: '/OidcServiceWorker.js',
    service_worker_only: false,
    // storage: localStorage,
    // silent_login_timeout: 3333000
    // monitor_session: true,
    token_renew_mode: TokenRenewMode.access_token_invalid,
    // Extra parameters sent with token requests.
    token_request_extras: {
        client_secret: 'dA0eYtGSN7wq3TSOOPJnkdWw8aroCTlG',
    },
};
```

With a very quick configuration from my side it is working.

oravagamer commented 1 year ago

I am using this configuration. Keycloak has proxy to http://localhost:3000

```ts
import {OidcConfiguration} from "@axa-fr/react-oidc";

const keycloak: OidcConfiguration = {
    authority: window.location.origin + "/auth/realms/demo",
    client_id: "react-web-app",
    redirect_uri: window.location.origin + "/authentication/callback",
    monitor_session: true,
    scope: "profile"
}

export default keycloak;
```

But I fixed that with:

```js
logout("/", {
    client_id: "react-web-app",
    redirect_uri: window.location.origin
})
```

guillaume-chervet commented 1 year ago

Thank you @oravagamer for your feedback.

Does it work without the "openid" scope?

Without openid, I encounter that behavior.

noherczeg commented 1 year ago

I encountered the same, logout breaks if the configuration does not contain the openid scope.

Maybe we should include this info in the docs! Unless of course if this is a bug.

guillaume-chervet commented 1 year ago

Hi @noherczeg, thank you for the feedback. Yes, I definitely have to add this to the documentation. Thank you for your feedback ;)

Zamaletdinov commented 1 year ago

Hi @oravagamer @noherczeg @guillaume-chervet I'm not sure if it's related to the Keycloak's version or something else, but I have it working with the following setup:

```js
  const onSignOutClick = useCallback(() => {
    logout(null, {
      client_id: 'my-client',
      post_logout_redirect_uri: `${window.location.origin}/signed-out`
    });
  }, [logout]);
```

While the example from above breaks the signout flow (the only difference is post_logout_redirect_uri vs redirect_uri):

```js
  const onSignOutClick = useCallback(() => {
    logout('/', {
      client_id: 'my-client',
      redirect_uri: `${window.location.origin}/signed-out`
    });
  }, [logout]);
```

guillaume-chervet commented 1 year ago

Hi @Zamaletdinov, thank you for your issue.

I think it will work with this correct syntax below =>

```js
const onSignOutClick = useCallback(() => {
  // Template literal (backticks) so that ${...} is interpolated.
  logout(`${window.location.origin}/signed-out`);
}, [logout]);
```

Zamaletdinov commented 1 year ago

Hmm, interesting, your approach was the first one I tried, but somehow it didn't work properly - probably there were some other problems on my side, but anyway I started digging into the problem and found this issue 🤔

Anyway, now it works, thanks @guillaume-chervet!

guillaume-chervet commented 1 year ago

Thank you @Zamaletdinov for the feedback. I am interested, what did you do to solve your issue?

Zamaletdinov commented 1 year ago

@guillaume-chervet This approach was already working for me taking into account that I do include openid in the scope

```js
  const onSignOutClick = useCallback(() => {
    logout(null, {
      client_id: 'my-client',
      post_logout_redirect_uri: `${window.location.origin}/signed-out`
    });
  }, [logout]);
```

But your solution made it even simpler :)


I also tried to exclude client_id from that approach, but in that case I would receive the same error as you got about id_token_hint
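
An added sketch, not code from this thread or from the library: it assembles an OIDC RP-Initiated Logout request and flags the parameter combinations reported as failing above (no `openid` scope, `redirect_uri` instead of `post_logout_redirect_uri`, no `client_id`). `planLogout`, its argument shape, the endpoint URL and the token value are assumptions made for the illustration.

```javascript
// Hypothetical helper: plans an RP-Initiated Logout request and lists what is missing.
// Parameter names (id_token_hint, client_id, post_logout_redirect_uri, state) come from
// the OpenID Connect RP-Initiated Logout specification.
function planLogout(endSessionEndpoint, { scope, idToken, extras = {} }) {
  const scopes = String(scope || '').split(/\s+/).filter(Boolean);
  const problems = [];

  // An ID token is only issued when the "openid" scope was requested,
  // so without it there is nothing to send as id_token_hint.
  const hint = scopes.includes('openid') ? idToken : undefined;

  if (!hint && !extras.client_id) {
    problems.push(scopes.includes('openid')
      ? 'no id_token available and no client_id: the provider cannot identify the client'
      : 'scope lacks "openid", so no id_token_hint can be sent, and no client_id is set');
  }
  if ('redirect_uri' in extras) {
    problems.push('redirect_uri is not a logout parameter; use post_logout_redirect_uri');
  }

  const url = new URL(endSessionEndpoint);
  if (hint) url.searchParams.set('id_token_hint', hint);
  // Only forward parameters that the logout specification defines.
  for (const name of ['client_id', 'post_logout_redirect_uri', 'state']) {
    if (extras[name]) url.searchParams.set(name, extras[name]);
  }
  return { url: url.toString(), problems };
}

// Constructed sample values. In a real client the endpoint is read from the
// provider's discovery document (end_session_endpoint); this URL is assumed.
const ENDPOINT = 'http://localhost:8081/realms/master/protocol/openid-connect/logout';

const cases = {
  noOpenidNoClient: planLogout(ENDPOINT, { scope: 'profile' }),
  legacyRedirect: planLogout(ENDPOINT, {
    scope: 'profile',
    extras: { client_id: 'react-web-app', redirect_uri: 'http://localhost:3000' },
  }),
  complete: planLogout(ENDPOINT, {
    scope: 'openid profile',
    idToken: 'header.payload.signature', // constructed placeholder, not a real token
    extras: { client_id: 'my-client', post_logout_redirect_uri: 'http://localhost:3000/signed-out' },
  }),
};

for (const [name, plan] of Object.entries(cases)) {
  console.log(name, plan.problems.length ? plan.problems : 'ok', plan.url);
}
```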

guillaume-chervet commented 1 year ago

Thank you @Zamaletdinov for your feedback :)

guillaume-chervet commented 1 year ago

Hi @Zamaletdinov @oravagamer, thank you for your issue. I close it but feel free to reopen it if you need it.