Backchannel Logout Flow Via Keycloak

[dev-aakash1998]

Environment

• lua-resty-openidc version 1.7.4
• Keycloak 14.0.0
• session_storage redis

Expected behaviour

My use case is that I want to delete a user session from Keycloak Admin Panel and the session data that is stored by Nginx should be automatically deleted. I was wondering if an API call from Keycloak to a specific endpoint would help me solve this issue.

Actual behaviour

Right now, I can find no mapping between the session_id generated by Keycloak and lua-resty-session. I was wondering what would be the best practice to solve this issue.

Configuration and NGINX server log files

set $session_secret secret;
set $session_cipher none;
set $session_cookie_samesite None;
set $session_cookie_secure on;
set $session_cookie_lifetime 60;
set $session_cookie_renew 30;
set $session_cookie_discard 60;
set $session_redis_uselocking off;
set $session_storage redis;
set $session_redis_host localhost;

[bodewig]

Unfortunately lua-resty-openidc simply doesn't support the backchannel logout flow, yet. Nor does it support the frontchannel flow which may change if I ever find time to complete #321 .

[engmsilva]

Any predictions to be implemented or Front Channel Logout?

Another alternative way of implementing logout to remover of all browsers with user activity sessions?