Dealing with users logging out
Initiating the logout
A logout can for example be initiated by the user through clicking on a logout button in the application. When the logout button is clicked, the application would send a request to the OpenID Connect RP-Initiated logout.
The application redirects the user to the Keycloak End Session endpoint, which is registered in the OpenID Provider Metadata as
end_session_endpoint. The endpoint takes the following parameters:
id_token_hint: A previously issued ID token. This token is used by Keycloak to identify the client that is logging out, the user, as well as the session that the client wants to log out of.
post_logout_redirect_uri: If the client wants Keycloak to redirect back to it after the logout, it can pass the URL to Keycloak. The client has to previously...