Remove access token keycloak

Hi,
Using Keycloak OpenID, after calling /auth/revoke using the logout button, the token is removed from the browser but somehow persists in Node-RED, and on clicking the single sign-on button again the token somehow appears back and it never goes to Keycloak for authentication until the token expires from Keycloak. Is there any way to clear the session from Node-RED or clear the token?

Tested clearing out the file /.sessions.json, but it didn't work.

1 Like

That isn't quite true. It will be going to keycloak to authenticate the request. There must be some session cookie against keycloak which causes it to bounce straight back to Node-RED because it considers you as having a valid session.

At the moment there is no hook available to trigger revoking a token on remote authentication systems - it only revokes the internal token used by Node-RED. That is all passport (the module we use to provide the entire pluggable authentication mechanism) appears to expose.

This would need some further investigation to understand if passport does provide anything in this area and, if not, what would be needed to extend it.

2 Likes
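A toy model of the behaviour described in the reply above, added here as an illustration; it is not Node-RED, passport or Keycloak code. All class and function names are made up, and `revokeAndEndIdpSession` is a hypothetical extension, not an existing hook.

```javascript
// Constructed toy model: IdP stands in for Keycloak, App for Node-RED.
let counter = 0;
const newId = (prefix) => `${prefix}-${++counter}`;

class IdP {
  constructor() { this.sessions = new Map(); this.prompts = 0; }
  // Authorization request: a valid SSO cookie skips the credential prompt.
  authorize(ssoCookie, user) {
    if (!this.sessions.has(ssoCookie)) {
      this.prompts++;                        // user has to log in for real
      ssoCookie = newId("sso");
      this.sessions.set(ssoCookie, user);
    }
    return { ssoCookie, user: this.sessions.get(ssoCookie) };
  }
  endSession(ssoCookie) { this.sessions.delete(ssoCookie); }
}

class App {
  constructor(idp) { this.idp = idp; this.tokens = new Map(); }
  login(browser, user) {
    const result = this.idp.authorize(browser.ssoCookie, user);
    browser.ssoCookie = result.ssoCookie;
    browser.appToken = newId("tok");
    this.tokens.set(browser.appToken, result.user);
  }
  // Behaviour described in the thread: only the app's own token is revoked.
  revoke(browser) {
    this.tokens.delete(browser.appToken);
    browser.appToken = null;
  }
  // Hypothetical extension: also end the identity provider session.
  revokeAndEndIdpSession(browser) {
    this.revoke(browser);
    this.idp.endSession(browser.ssoCookie);
    browser.ssoCookie = null;
  }
}

function demo() {
  const idp = new IdP(), app = new App(idp), browser = {};
  app.login(browser, "alice");               // first login: prompt
  app.revoke(browser);
  app.login(browser, "alice");               // silent SSO, no prompt
  const afterLocalRevoke = idp.prompts;
  app.revokeAndEndIdpSession(browser);
  app.login(browser, "alice");               // prompt again
  return { afterLocalRevoke, afterIdpLogout: idp.prompts, loggedIn: app.tokens.size };
}
```

The prompt count stays at 1 after the local revoke because the identity provider session is still valid, and only rises once that session is ended as well.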

@knolleary is there some existing issue which has already been raised pertaining to this problem?
