Keycloak logout not working when used with next-auth

[phillystafford]

Hi, I was wondering if you could help me with the following issue please?

I'm trying to implement an authentication flow using next-auth and this keycloak-passport strategy.

Both libraries work great together when I log into my keycloak instance but when I log out, I seem to be logged out on the client side. But when I try to log in again using keycloak-passport I get the Unable to sign in page from next-auth

It seems to be logging out from the client side but the session seems to be persisted on the server side. When I hit my login page directly it redirects me to the account admin section on my keycloak instance so I'm definitely still logged in on the server.

I've tried to debug the logout flow to see if I can determine the problem but none of the console.log statements I placed in the handleSignOutSubmit() function are firing.

I opened an issue on the next-auth repo here which goes into more detail.

I'd be really grateful if you could point me in the tight direction on this please

[svarlamov]

@woppers Thank you for providing a detailed description of the situation -- really appreciate that! At the moment, based on what I've heard from the other issues in the next-auth project, they are having some issues with passport-oauth2-based passport strategies. This strategy is based on that npm package, so that seems to be the root cause -- pretty certain about that.

So assuming that's the case, I'm not exactly sure how our keycloak passport strategy fits into this, because there is no explicit logout-related functionality provided in this package. Perhaps there is a missing function? I am happy to add whatever support is required to make that happen, but similar to yourself, I'm struggling to figure out what the required interface is here.

The other potential issue that comes to mind is something related to the user profile, i.e., it might be missing a field that next-auth is expecting, but it feels like a bit of a stretch since this is only popping up after logout. Please let me know if the next-auth maintainers can suggest some places to look (based on their implementation)

[phillystafford]

@svarlamov Thanks a million for getting back to regarding this issue. I really appreciate it 🙂 I was hoping/praying that you may have some Jedi magic trick up your sleeve that would help me figure this out 😂

Thanks for the advice. It's after narrowing down the search for the root problem. I'll keep digging into this and if/when I come up with a solution, you'll be the first to know 💪

I'll close this question and report back if I figure it out.

[geekyme]

@woppers did you manage to figure out how to use nextjs with keycloak?

[Zembios]

@phillystafford @svarlamov Any progress on this issue?

[anthodb]

We have the same issue also here.. Any progress on this? The signout method from next-auth does not call the logout method of keycloak, resulting on a session still active on the server. The user is never asked again to enter the password. Which is critical for us after the signout. Thanks a lot for your input on this.