4
keycloak~自定义登出接口
source link: https://www.cnblogs.com/lori/p/17445039.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
keycloak提供了登出的接口,不过它是一个post方法,需要你根据client_id,client_secret及refresh_token进行登出操作的,有时不太灵活,所以我又自己封装了一下,通过客户端浏览器上存储的session_id进行会话登出。
kc提供的logout
- api:{{host}}/auth/realms/fabao/protocol/openid-connect/logout
- 请求方法:POST
- 请求类型:x-www-form-urlencoded
refresh_token:xxx
client_id:xxx
client_secret:xxx
对remove-sessions登出的封装
// keycloak会话登出逻辑
@GET
@NoCache
@Path("remove-sessions")
public Response deleteSession(@Context HttpRequest request,
@QueryParam("redirect_uri") String redirectUri) {
return removeSession(TokenUtils.getKeycloakSessionIdFromCookies(request), redirectUri);
}
private Response removeSession(String sessionId, String redirectUri) {
if (redirectUri == null || redirectUri.trim().length() == 0) {
log.info("redirect_uri不正确");
return Response.status(400).entity("redirect_uri不正确").type(MediaType.TEXT_HTML).build();
}
TokenUtils.removeSession(session, sessionId);//清除会话
return Response.status(302)
.location(HttpUtils.formatUrl(HttpUtils.removeUrlSpaceParams(redirectUri)))
.cookie(CookieUtils.addCookie(TokenUtils.KC_EXIT_LEGACY, "1"))
.header(HttpHeaders.SET_COOKIE,
CookieUtils.cookieString(TokenUtils.KC_EXIT, "1", "/", null, null, -1, true, true,
ServerCookie.SameSiteAttributeValue.NONE))
.build();
}
public static void removeSession(KeycloakSession session, String sessionId) {
try {
if (sessionId != null) {
RealmModel realmModel = session.getContext().getRealm();
log.debugf("will remove sessionId:%s", sessionId);
UserSessionModel userSession = session.sessions().getUserSession(session.getContext().getRealm(), sessionId);
if (userSession != null) {
String path = String.format("/auth/realms/%s/", session.getContext().getRealm().getId());
CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.KEYCLOAK_SESSION,
path, null, false,
session.getContext().getConnection(), ServerCookie.SameSiteAttributeValue.NONE);
CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.KEYCLOAK_SESSION_LEGACY, path, null,
false,
session.getContext().getConnection(), null);
CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.AUTH_SESSION_ID,
path, null, false,
session.getContext().getConnection(), ServerCookie.SameSiteAttributeValue.NONE);
CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.AUTH_SESSION_ID_LEGACY, path, null,
false,
session.getContext().getConnection(), null);
AuthenticationManager.backchannelLogout(session,
realmModel,
userSession,
session.getContext().getUri(),
session.getContext().getConnection(),
session.getContext().getRequestHeaders(),
true);
}
}
} catch (Exception ex) {
log.error(ex);
}
}
通过上面的封装,我们在其它对应到keycloak的客户端,直接在浏览器上输入/auth/realms/fabao/sms/remove-sessions?redirect_uri=your-site,就可以把keycloak在当前浏览器里的会话登出了,并重定向到自己的you-site网站。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK