1

I am using angular-auth-oidc-client lib for authenticating my app with keycloak as the identity server.i am able to login into the app however the logout functionality is not working. I've read the docs and am using the same call for logout but it doesn't seem to work. Please help. Thanks in advance.

Here is my config:

{
    "sts_server": "http://localhost/auth/realms/test",
    "redirect_url": "http://localhost:4200/app/",
    "client_id": "test_client",
    "response_type": "code",
    "scope": "openid profile email",
    "post_logout_redirect_uri": "http://localhost:4200/app/#/homepage/",
    "startup_route": "/homepage/welcome",
    "start_checksession": "true",
    "silent_renew": "true",
    "silent_renew_url": "assets",
    "max_id_token_iat_offset_allowed_in_seconds": "10",
    "logLevel": "info",
    "forbidden_route": "/unauthorized",
    "unauthorized_route": "/unauthorized"
}

My logout method:

  logOut() {
        this.oidcSecurityService.logoffLocal();
        this.oidcSecurityService.logoffAndRevokeTokens();
        this.oidcSecurityService.logoff();
// none of the three mentioned above work.
    
      }
wazza
  • 173
  • 5
  • 15
  • Hello @wazza, did you find the solution? If yes then please answer and I will upvote so that the post can get closed soon. If no, then please provide more detail. What happens on logout? Do you get errors in console? What is the console output and do you see related network requests? By the way .logoff() should be enough for most cases. – GeofoxCoding Oct 29 '20 at 08:44
  • @GeofoxCoding I haven't found the solution yet. I'm still searching. No errors are seen on the console. – wazza Oct 29 '20 at 10:19
  • okay first add a debug log level like "logLevel: LogLevel.Debug". Then only perform .logoff() and look in your network traffic when you do logout. You shoud see one request to endpoint /logout with an id_token_hint and post_logout_redirect_uri. With a redirect back to your app. Also look into response location header of this request. – GeofoxCoding Oct 29 '20 at 12:06

2 Answers2

0

You have to subscribe to this methods.

 this.sercurityService.logoff().subscribe((result) => {
      // any
    });
Mateusz Kaleta
  • 91
  • 7
0

No solution, but more info:

enter image description here

It looks like the call to /logout is cancelled. However, if I paste that into the browser, it does log me out, so the url and functionality seem ok.

More info:

In my scenario, the page with the logout-button and logic is behind a guard. My theory is that because of the logout-login, the page with the button is no longer available and thus the call to logout is cancelled, in effect staying logged in and returned to the current URL.

Rob Audenaerde
  • 19,195
  • 10
  • 76
  • 121