I'm a newbie in this subject. I configured Keycloak and mod_auth_openidc in apache2.x. I have a simple PHP app, and I want to log out from this app, but I need the id_token_hint variable.
https:///auth/realms//protocol/openid-connect/logout?id_token_hint=xxxyyy&post_logout_redirect_uri=<url encoded redirect url>
I can get many OIDC_CLAIM_* variables from the header, but I don't get the id_token. I have only access_token and access_token_expires, but it is not a valid variable for id_token_hint.
mod_auth_openidc configuration:
Configuration:
OIDCCryptoPassphrase 012345678
OIDCProviderMetadataURL https://testsite:8443/realms/myrealm/.well-known/openid-configuration
OIDCClientID client
OIDCClientSecret xxxyyyzzz
OIDCRedirectURI http://testsite/phpsite/redirect_uri
OIDCRemoteUserClaim email
OIDCInfoHook userinfo
# only for test with self signed cert
OIDCSSLValidateServer Off
OIDCScope "openid"
# OIDCResponseType code
<Location /phpsite>
    AuthType openid-connect
    Require valid-user
    Require claim
</Location>
Does anybody have an idea? Best regards
Maybe this could help you?
IIRC, you must ask for the id token as well as the access token (I don't know how to do it exactly in PHP but I'm sure you will find), and then send this id token to logout.
Hope it helps
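An added example, not code from either poster: a PHP logout handler that builds the Keycloak logout URL from the question with id_token_hint. It assumes `OIDCPassIDTokenAs serialized` has been added to the mod_auth_openidc configuration so the compact ID token reaches the app as OIDC_id_token; the end-session URL is derived from the OIDCProviderMetadataURL in the question, and `loggedout.php` is a hypothetical landing page.

```php
<?php
// Added example. Assumption: "OIDCPassIDTokenAs serialized" is set, so
// mod_auth_openidc passes the compact ID token to the app as OIDC_id_token.

// Assumption: end-session endpoint derived from the realm URL in the question.
const END_SESSION_ENDPOINT =
    'https://testsite:8443/realms/myrealm/protocol/openid-connect/logout';
// Hypothetical landing page; it must also be registered as a valid
// post-logout redirect URI for the client in Keycloak.
const ALLOWED_POST_LOGOUT_URIS = ['http://testsite/phpsite/loggedout.php'];

function get_serialized_id_token(array $server): ?string
{
    // Environment-variable form first, then the request-header form.
    $token = $server['OIDC_id_token'] ?? $server['HTTP_OIDC_ID_TOKEN'] ?? null;
    if (!is_string($token)) {
        return null;
    }
    // A compact JWS is three base64url segments separated by dots; reject
    // anything else so a claims JSON blob or an empty value is never sent.
    if (!preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/', $token)) {
        return null;
    }
    return $token;
}

function build_logout_url(string $idToken, string $returnTo): string
{
    // Fixed allowlist: the return URL never comes from request input,
    // which keeps this handler from becoming an open redirect.
    if (!in_array($returnTo, ALLOWED_POST_LOGOUT_URIS, true)) {
        throw new InvalidArgumentException('post-logout URI not allowed');
    }
    return END_SESSION_ENDPOINT . '?' . http_build_query([
        'id_token_hint'            => $idToken,
        'post_logout_redirect_uri' => $returnTo,
    ], '', '&', PHP_QUERY_RFC3986);
}

$idToken = get_serialized_id_token($_SERVER);
if ($idToken === null) {
    http_response_code(500);
    exit('No serialized ID token was passed by mod_auth_openidc');
}
header('Location: ' . build_logout_url($idToken, ALLOWED_POST_LOGOUT_URIS[0]), true, 302);
exit;
```

Redirecting straight to Keycloak ends the Keycloak session but leaves the mod_auth_openidc session cookie in place; the module's own logout, reached through the configured OIDCRedirectURI with a `logout=<url-encoded URL>` parameter, clears the local session as well.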