logout not working #3368
Comments
@SzymonKlimuk, you're correct - clicking Logout simply flushes the authorization information the Swagger-UI stores internally. I'm not familiar with keycloak, but it appears to be an identity management tool. Swagger-UI doesn't directly integrate with keycloak (or any other specific identity management tool). You can write your own plugin for Swagger-UI that integrates with keycloak to solve your specific use case if you'd like.
Keycloak is an open source identity and access management tool. It uses standard protocols such as OAuth2 and OpenID Connect to manage authentication and authorization. I think that it is correct that Swagger UI doesn't implement the logout call to keycloak at the moment, because the logout URL is not specified in the Open API 2.0 spec. Open API 3.0 will support OpenID Connect, and then I think that the logout process should be taken into account by Swagger UI. Anyway, I've written a simple plugin that calls the logout page of Keycloak when the user presses the Logout button; you can find it here: https://gist.github.com/Fredx87/48fe741eed42efa4e77bd341745084a8
@Fredx87 thanks for sharing that plugin! We're tracking OAS 3.0 Try-It-Out support in #3338, which should include OpenID Connect support. We haven't sketched out the finer points of that yet, so I can't definitively say what will be supported and what won't be - but if OpenID Connect session management is a big thing, I'd expect we build out support for it. @webron, can you shed some more light on the intentions here with OpenID?
OIDC is fairly new and not widely used yet. I can't tell right now what from it will be implemented or when.
Closing due to inactivity. This is simply to keep our issue tracker clean - feel free to comment if there are any further thoughts or concerns, and we'll be happy to reopen this issue.
Could someone point me to a resource or document to help with how to write a plugin and utilize it within a .net Core application? We are having a similar issue with Identity Server authentication. The logout button only partially clears the Auth information, but does not actually call a Logout process. A subsequent Logon click will reuse the token that it finds and not take the user to the Login Screen.
@pthibodeaux, the plugin API is documented here: https://github.com/swagger-api/swagger-ui/tree/master/docs/customization
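An added example, not part of the thread and not the linked gist or Swagger UI's own code: a plugin that wraps Swagger UI's `logout` auth action so that, after the locally stored authorization is cleared, the browser is sent to the identity provider's OpenID Connect end-session endpoint. `makeIdpLogoutPlugin`, `buildEndSessionUrl`, the `navigate` parameter and the `idp.example` / `api.example` URLs are assumptions; the real endpoint is the `end_session_endpoint` value in the provider's discovery document.

```javascript
// Added example (hypothetical names): end the IdP session when Logout is clicked.
// Without this, only Swagger UI's local state is cleared and the IdP session
// cookie survives, so the next Authorize click silently issues a new token.

// Build an OIDC RP-Initiated Logout URL. Parameter names come from that spec;
// the endpoint itself is deployment-specific and must be supplied by the caller.
function buildEndSessionUrl(endSessionUrl, opts = {}) {
  const url = new URL(endSessionUrl);
  if (url.protocol !== "https:") {
    // Assumption of this example: never send an id_token_hint over cleartext.
    throw new Error("end-session endpoint must use https");
  }
  if (opts.clientId) url.searchParams.set("client_id", opts.clientId);
  if (opts.idTokenHint) url.searchParams.set("id_token_hint", opts.idTokenHint);
  if (opts.postLogoutRedirectUri) {
    // The IdP should only honour redirect URIs registered for this client.
    url.searchParams.set("post_logout_redirect_uri", opts.postLogoutRedirectUri);
  }
  return url.toString();
}

// Returns a Swagger UI plugin. `navigate` is injectable so the plugin can be
// exercised outside a browser; by default it performs a top-level navigation.
function makeIdpLogoutPlugin(options, navigate = (u) => window.location.assign(u)) {
  return function IdpLogoutPlugin() {
    return {
      statePlugins: {
        auth: {
          wrapActions: {
            logout: (oriAction) => (names) => {
              const result = oriAction(names); // clear Swagger UI's stored auth first
              navigate(buildEndSessionUrl(options.endSessionUrl, options));
              return result;
            },
          },
        },
      },
    };
  };
}

// Usage in the page that hosts Swagger UI (constructed values):
// SwaggerUIBundle({ url: "/openapi.json", dom_id: "#swagger-ui",
//   plugins: [makeIdpLogoutPlugin({
//     endSessionUrl: "https://idp.example/placeholder/end-session",
//     clientId: "swagger-ui",
//     postLogoutRedirectUri: "https://api.example/docs/" })] });
```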
Hi, We are testing the Swagger UI vs keycloak authentication.
Assuming successful authentication (any flow: password, accessCode, implicit, application), there is a possibility - the button - to logout. Unfortunately, we see no network traffic after clicking on this button.
I understand that click action probably clears some js variables in swagger ui, but shall it cause any logout action on the keycloak?
Is it not implemented yet?
Are you going to implement it?
Regards,
Szymon Klimuk