Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add backchannel logout on user deletion #45537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Rathan-Naik wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add backchannel logout on user deletion #45537

Rathan-Naik wants to merge 1 commit into from

Conversation

@Rathan-Naik
Copy link
Contributor

@Rathan-Naik Rathan-Naik commented Jan 16, 2026

Centralize logout logic in UserSessionUtil.logoutAllUserSessions(). Add setNotBeforeForUser to invalidate tokens before deletion. Skip setNotBeforeForUser for lightweight users (they don't persist). Trigger backchannel logout for all user sessions (online and offline). Apply to all three deletion paths:

  • Admin API deletion (UserResource.deleteUser)
  • Self-service deletion (DeleteAccount.processAction)
  • Workflow deletion (DeleteUserStepProvider.run)

This ensures that when a user is deleted, all clients with backchannel logout URLs configured are notified via backchannel logout requests.

Closes #45120

@Rathan-Naik Rathan-Naik requested review from a team as code owners January 16, 2026 15:38
@Rathan-Naik Rathan-Naik force-pushed the feature/backchannel-logout-on-user-deletion branch from 6bf54f2 to e6fa01c Compare January 16, 2026 15:39
@Rathan-Naik
Add backchannel logout on user deletion
219a647 
Centralize logout logic in UserSessionUtil.logoutAllUserSessions().
Add setNotBeforeForUser to invalidate tokens before deletion.
Skip setNotBeforeForUser for lightweight users (they don't persist).
Trigger backchannel logout for all user sessions (online and offline).
Apply to all three deletion paths:
- Admin API deletion (UserResource.deleteUser)
- Self-service deletion (DeleteAccount.processAction)
- Workflow deletion (DeleteUserStepProvider.run)

This ensures that when a user is deleted, all clients with backchannel
logout URLs configured are notified via backchannel logout requests.

Closes keycloak#45120

Signed-off-by: Rathan Naik <[email protected]>
@Rathan-Naik Rathan-Naik force-pushed the feature/backchannel-logout-on-user-deletion branch from e6fa01c to 219a647 Compare January 16, 2026 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

team/cloud-native team/core-clients team/core-iam

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OIDC BackChannel logout does not get called when the user gets deleted

1 participant

@Rathan-Naik