I'm running a Spring Cloud Gateway which handles the OAuth2 authentication with Keycloak. The login part from a single page application (SPA) works fine, but now I have trouble with the logout.
Here's what I have in mind:
- SPA sends a POST to /logout on the gateway.
- Gateway invalidates the session and its SESSION cookie.
- Gateway contacts Keycloak's end_session_endpoint, i.e. http://localhost:8080/auth/realms/demo/protocol/openid-connect/logout.
- User gets redirected to the SPA.
This is my current security configuration with Webflux. The code is based on the examples and information mentioned here:
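The logout flow listed above (invalidate the gateway session, send the browser to Keycloak's end_session_endpoint, return to the SPA), as an added example that is not the question's own configuration: a Spring WebFlux security chain using Spring Security's OidcClientInitiatedServerLogoutSuccessHandler. It assumes the client registration's issuer-uri points at the Keycloak realm (so end_session_endpoint is taken from the discovery document), that the SPA is served behind the gateway's own origin, and that the Keycloak version in use accepts post_logout_redirect_uri together with id_token_hint; the class and bean names are made up for the example.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.server.WebFilter;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
public class GatewayLogoutSecurityConfig { // hypothetical class name

    @Bean
    SecurityWebFilterChain gatewaySecurityChain(ServerHttpSecurity http,
                                                ReactiveClientRegistrationRepository registrations) {
        // RP-initiated logout: once the local WebSession (and so the SESSION cookie) is
        // invalidated, redirect the browser to the provider's end_session_endpoint with
        // id_token_hint and post_logout_redirect_uri, then back to the gateway base URL.
        OidcClientInitiatedServerLogoutSuccessHandler oidcLogout =
                new OidcClientInitiatedServerLogoutSuccessHandler(registrations);
        oidcLogout.setPostLogoutRedirectUri("{baseUrl}"); // resolved to the gateway's own origin

        http.authorizeExchange(ex -> ex.anyExchange().authenticated())
            .oauth2Login(Customizer.withDefaults())
            .logout(logout -> logout
                // POST /logout is the default; stated explicitly so GET cannot trigger logout
                .requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/logout"))
                .logoutSuccessHandler(oidcLogout))
            // keep CSRF on for the POST; the SPA reads XSRF-TOKEN and sends X-XSRF-TOKEN
            .csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()));
        return http.build();
    }

    // In WebFlux the CSRF cookie is only written when the CsrfToken Mono is subscribed to;
    // this filter subscribes on every exchange so the SPA can always read XSRF-TOKEN.
    @Bean
    WebFilter csrfCookieWebFilter() {
        return (exchange, chain) -> {
            Mono<CsrfToken> token = exchange.getAttribute(CsrfToken.class.getName());
            return token != null ? token.then(chain.filter(exchange)) : chain.filter(exchange);
        };
    }
}
```

The SPA's logout call must therefore be a POST carrying the X-XSRF-TOKEN header, and the gateway's base URL has to be registered in Keycloak as a valid post-logout redirect for the client, or Keycloak will refuse the redirect.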