Problem/Motivation

When using the keycloak module and enabling the option to logout of identity provider an error appears in Keycloak "Missing parameter: id_token_hint" when the user has a connected account but is logged in with local drupal credentials.

Steps to reproduce

Install and configure keycloak module. Enable the option "Logout from identity provider" in OpenID Connect Settings. Make sure you have a connected account with the IDP. Then log in with normal drupal credentials of the same account. When you log out you dont have the id_token_hint in the URL and it show the missing parameter in the URL.

This was reproduced with Keycloak, maybe other clients also face the same issue.

Proposed resolution

I dont think it makes sence to redirect the user to the IDP when it is logged in with local Drupal credentials.

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#3 openid_connect-3566112-15-05-03.patch916 bytesdripa

Issue fork openid_connect-3566112

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

dripa created an issue. See original summary.

dripa’s picture

dripa commented

Added patch: https://www.drupal.org/files/issues/2026-01-08/openid_connect-3566112-15...
I see the code is being refactored so this patch will not work against the latest dev

dripa’s picture

dripa commented
StatusFileSize
new openid_connect-3566112-15-05-03.patch916 bytes

ccrosaz made their first commit to this issue’s fork.

ccrosaz opened merge request !182

ccrosaz’s picture

ccrosaz
Primary language French
commented
Status: Active » Needs review

Hello,

We have encounter this trouble with our projects where we use Keycloak servers.

I have proposed a correction adapted with the new Logout service, to be mergeable in the 3.X branch.