Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Ensure the logout endpoint removes the authentication session #43872

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mposolda merged 1 commit into from
Oct 31, 2025
Merged

Ensure the logout endpoint removes the authentication session #43872

mposolda merged 1 commit into from
Oct 31, 2025

Conversation

@rmartinc
Copy link
Contributor

@rmartinc rmartinc commented Oct 31, 2025

Closes #43853

The logout endpoint, when logging out out of band using the id_token_hint, should take into account the auth session in case it still exists. For that the createOrJoinLogoutSession should be called after, when the user session is known. This way, we are doing the same that is executed for the refresh token, or when deleting a session using the admin console, the backchannelLogout is executed with the user session is passed (here). New test added with the very specific conditions needed to reach this issue.

@rmartinc rmartinc requested review from a team as code owners October 31, 2025 07:46
mposolda
mposolda approved these changes Oct 31, 2025
View reviewed changes
Copy link
Contributor

@mposolda mposolda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rmartinc LGTM! Can you please rebase? It might help with the fix of the failing UI test.

@mposolda mposolda self-assigned this Oct 31, 2025
@rmartinc
Copy link
Contributor Author

rmartinc commented Oct 31, 2025

@mposolda I sent this one with the other fix already merged, so I think it's different (it seems that it is just one flaky test failing in admin UI). Please re-run when finished. If I see that it fails again I will rebase it.

This was referenced Oct 31, 2025
Closed
Closed
@mposolda mposolda merged commit 3b3adcf into keycloak:main Oct 31, 2025
87 of 89 checks passed
This was referenced Oct 31, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mposolda mposolda mposolda approved these changes

Assignees

@mposolda mposolda

Labels

flaky-test team/cloud-native team/core-clients team/core-iam

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ensure the logout endpoint removes the authentication session

2 participants

@rmartinc @mposolda