id_token_hint - oauth2 - nginx - where to find? #27755
-
Hello, my application is written in Angular (Frontend), NestJS (Backend) and it sits on a server managed by keycloak, nginx and oauth2-proxy. In the end the oauth2 and nginx checks if the browser is already logged in and send the header to the backend (with all user data, access_token). If not so it redirect to the keycloak login page. All fine.. But: For the logout without the confirm page I must have the "id_token"/"id_token_hint". I never send a login request from frontend/backend to keycloak to get maybe the id_token. This is all managed by oauth2-proxy, keycloak and nginx. So my question: How to get the current users id_token in this case? The endpoint: "https://mywebsite/auth/realms/master/protocol/openid-connect/token" works fine, but creates a new user session. That's not what I want. Thx and greetings, Florian |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
I think this is something you would need to configure on oauth2-proxy to perform the backend logout on sign out. It looks like the
|
Beta Was this translation helpful? Give feedback.
I think this is something you would need to configure on oauth2-proxy to perform the backend logout on sign out.
It looks like the
--backend-logout-url
configuration option is what you want to configure, and this should be configured with Keycloak'send_session_endpoint
where{id_token}
can be used as a placeholder.--backend-logout-url=https://mywebsite/auth/realms/master/protocol/openid-connect/logout?id_token_hint={id_token}