Hi,
Using keycloak openid, After calling /auth/revoke using the logout button, the token from the browser is removed but somehow persists in the node-red and on again clicking with single sign-on button token somehow appears back and never goes to keycloak for authentication until the token expires from keycloak. is there any way to clear the session from node-red or clear the token??
Tested clearing out the file- /.sessions.json but didn't work
That isn't quite true. It will be going to keycloak to authenticate the request. There must be some session cookie against keycloak which causes it to bounce straight back to Node-RED because it considers you as having a valid session.
At the moment there is no hook available to trigger revoking a token on remote authentication systems - it only revokes the internal token use by node-red. That is all passport (the module we use to provide the entire pluggable authentication mechanism) appears to expose.
This would need some further investigation to understand if passport does provide anything in this area and, if not, what would be needed to extend it.