EAS + Keycloak - Logout #191

@cloudwithdan

Hi

I am using EAS + Keycloak

EAS Config:

    ****-com-eas:
      aud: ****-com-eas
      eas:
        plugins:
          - type: oidc
            issuer:
              discover_url: "https://iam****.com/realms/Portal/.well-known/openid-configuration"

              issuer: "https://iam.****.com/realms/Portal"
              authorization_endpoint: "https://iam.****.com/realms/Portal/protocol/openid-connect/auth"

              token_endpoint: "https://iam.****.com/realms/Portal/protocol/openid-connect/token"
              userinfo_endpoint: "https://iam.****.com/realms/Portal/protocol/openid-connect/userinfo"
              jwks_uri: "https://iam.****.com/realms/Portal/protocol/openid-connect/certs"

            client:
              client_id: ****-com-eas
              client_secret: j********************B

              registration_client_uri: "https://iam.****.com/realms/Portal/clients-registrations/openid-connect/portal-eas"
              registration_access_token: "eyJ*********************************************************************************************************************************************************************************************************************************************H2s"

            scopes:
              - openid
              - email
              - profile

            custom_authorization_parameters: { }
            custom_authorization_code_parameters: { }
            custom_refresh_parameters: { }
            custom_revoke_parameters: { }

            redirect_uri: "https://auth.****.com/oauth/callback"

            features:
              cookie_expiry: false
              userinfo_expiry: true
              session_expiry: true
              session_expiry_refresh_window: 86400
              session_retain_id: true
              refresh_access_token: true
              fetch_userinfo: true
              introspect_access_token: false
              introspect_expiry: 0

              authorization_token: access_token

              filtered_service_headers: [ ]

              logout:
                revoke_tokens_on_logout: ["refresh_token", "access_token", "id_token"]
                end_provider_session:
                  enabled: false
                  post_logout_redirect_uri: "https://auth.****.com/oauth/end-session-redirect"

                backchannel:
                  enabled: false

            assertions:
              exp: true
              nbf: true
              iss: true
              userinfo: [ ]
              id_token: [ ]
              access_token: [ ]

            xhr:
              redirect_http_code: 401
              use_referer_as_redirect_uri: true

            csrf_cookie:
              enabled: true
              domain: "****.com"
              path: /
              httpOnly: true
              secure: true
              sameSite: none

            cookie:
              name: corex-iam-session
              domain: "****.com"
              path: /
              httpOnly: true
              secure: true
              sameSite: none

            custom_error_headers:
              Access-Control-Allow-Origin:
                source: req
                query_opts:
                  single_value: true
                query_engine: jp
                query: "$.headers.origin"

              Access-Control-Allow-Credentials:
                source: static
                query_engine: static
                query: true

              Access-Control-Allow-Headers:
                source: static
                query_engine: static
                query: "location, x-pagination"

              Access-Control-Expose-Headers:
                source: static
                query_engine: static
                query: "location, x-pagination"

            custom_service_headers: { }

My front-end has a Logout button that calls:

    https://{{ .Values.web.domain }}/api?__eas_oauth_handler__=logout&redirect_uri=https://{{ .Values.web.domain }}

While the call itself works, I am not redirected immediately to the Keycloak login page, but I am getting a 302 error (I still stay on the front-end) in the console. I have to refresh the front-end page to be redirected to Keycloak...

I am assuming that there should be an await somewhere?
