(相关资料图)

keycloak提供了登出的接口，不过它是一个post方法，需要你根据client_id,client_secret及refresh_token进行登出操作的，有时不太灵活，所以我又自己封装了一下，通过客户端浏览器上存储的session_id进行会话登出。

kc提供的logout

• api:{{host}}/auth/realms/fabao/protocol/openid-connect/logout
• 请求方法：POST
• 请求类型：x-www-form-urlencoded
• 参数：

refresh_token:xxxclient_id:xxxclient_secret:xxx

对remove-sessions登出的封装

// keycloak会话登出逻辑  @GET  @NoCache  @Path("remove-sessions")  public Response deleteSession(@Context HttpRequest request,                                @QueryParam("redirect_uri") String redirectUri) {    return removeSession(TokenUtils.getKeycloakSessionIdFromCookies(request), redirectUri);  }private Response removeSession(String sessionId, String redirectUri) {    if (redirectUri == null || redirectUri.trim().length() == 0) {      log.info("redirect_uri不正确");      return Response.status(400).entity("redirect_uri不正确").type(MediaType.TEXT_HTML).build();    }    TokenUtils.removeSession(session, sessionId);//清除会话    return Response.status(302)        .location(HttpUtils.formatUrl(HttpUtils.removeUrlSpaceParams(redirectUri)))        .cookie(CookieUtils.addCookie(TokenUtils.KC_EXIT_LEGACY, "1"))        .header(HttpHeaders.SET_COOKIE,            CookieUtils.cookieString(TokenUtils.KC_EXIT, "1", "/", null, null, -1, true, true,                ServerCookie.SameSiteAttributeValue.NONE))        .build();}public static void removeSession(KeycloakSession session, String sessionId) {    try {      if (sessionId != null) {        RealmModel realmModel = session.getContext().getRealm();        log.debugf("will remove sessionId:%s", sessionId);        UserSessionModel userSession = session.sessions().getUserSession(session.getContext().getRealm(), sessionId);        if (userSession != null) {          String path = String.format("/auth/realms/%s/", session.getContext().getRealm().getId());          CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.KEYCLOAK_SESSION,              path, null, false,              session.getContext().getConnection(), ServerCookie.SameSiteAttributeValue.NONE);          CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.KEYCLOAK_SESSION_LEGACY, path, null,              false,              session.getContext().getConnection(), null);          CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.AUTH_SESSION_ID,              path, null, false,              session.getContext().getConnection(), ServerCookie.SameSiteAttributeValue.NONE);          CookieUtils.expireCookie(session.getContext().getRealm(), TokenUtils.AUTH_SESSION_ID_LEGACY, path, null,              false,              session.getContext().getConnection(), null);          AuthenticationManager.backchannelLogout(session,              realmModel,              userSession,              session.getContext().getUri(),              session.getContext().getConnection(),              session.getContext().getRequestHeaders(),              true);        }      }    } catch (Exception ex) {      log.error(ex);    }  }

通过上面的封装，我们在其它对应到keycloak的客户端，直接在浏览器上输入/auth/realms/fabao/sms/remove-sessions?redirect_uri=your-site，就可以把keycloak在当前浏览器里的会话登出了，并重定向到自己的you-site网站。