keycloak-uncached

Merge pull request #1195 from mposolda/master When revoke

4/29/2015 11:21:38 AM


diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 2bb4d8f..be7291c 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -157,6 +157,22 @@ public class AuthenticationManager {
 
     }
 
+    // Logout all clientSessions of this user and client
+    public static void backchannelUserFromClient(KeycloakSession session, RealmModel realm, UserModel user, ClientModel client, UriInfo uriInfo, HttpHeaders headers) {
+        String clientId = client.getId();
+
+        List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, user);
+        for (UserSessionModel userSession : userSessions) {
+            List<ClientSessionModel> clientSessions = userSession.getClientSessions();
+            for (ClientSessionModel clientSession : clientSessions) {
+                if (clientSession.getClient().getId().equals(clientId)) {
+                    AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers);
+                    TokenManager.dettachClientSession(session.sessions(), realm, clientSession);
+                }
+            }
+        }
+    }
+
     public static Response browserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers) {
         if (userSession == null) return null;
         UserModel user = userSession.getUser();
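Review bot: The inner loop of `backchannelUserFromClient` calls `TokenManager.dettachClientSession` while still iterating `userSession.getClientSessions()`. If that list is a live view of the session store rather than a copy (not visible here), detaching can throw `ConcurrentModificationException` or skip entries, leaving client sessions of the revoked client alive. Iterating a snapshot avoids that: `for (ClientSessionModel clientSession : new ArrayList<>(userSession.getClientSessions())) {`. Likewise, if `backchannelLogoutClientSession` can throw for an unreachable client, the detach on the next line and the remaining sessions are skipped, so detaching first or isolating the logout call would make the revocation hold regardless. The `//` comment would serve better as Javadoc stating that the method both sends the backchannel logout and detaches the client sessions.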
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 207c5b7..0adf215 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -517,16 +517,7 @@ public class AccountService {
         user.revokeConsentForClient(client.getId());
 
         // Logout clientSessions for this user and client
-        List<UserSessionModel> userSessions = session.sessions().getUserSessions(realm, user);
-        for (UserSessionModel userSession : userSessions) {
-            List<ClientSessionModel> clientSessions = userSession.getClientSessions();
-            for (ClientSessionModel clientSession : clientSessions) {
-                if (clientSession.getClient().getId().equals(clientId)) {
-                    AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers);
-                    TokenManager.dettachClientSession(session.sessions(), realm, clientSession);
-                }
-            }
-        }
+        AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers);
 
         event.event(EventType.REVOKE_GRANT).client(auth.getClient()).user(auth.getUser()).detail(Details.REVOKED_CLIENT, client.getClientId()).success();
         setReferrerOnPage();
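Review bot: The return value of `user.revokeConsentForClient(client.getId())` is ignored just above the new call, so the backchannel logout and the `REVOKE_GRANT` success event run even when no consent existed. The `UsersResource` hunk in this same commit logs out only when `revoked` is true. Consider the same guard here, `if (user.revokeConsentForClient(client.getId())) { AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers); }`, or add a comment saying why the account path is unconditional, so the audit event reflects what actually happened. The `clientId` local used by the removed loop may now be unused; the method starts and ends outside the hunk, so check that in the full file.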
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 49abc1d..666c1da 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -76,8 +76,6 @@ public class UsersResource {
     protected RealmModel realm;
 
     private RealmAuth auth;
-
-    private TokenManager tokenManager;
     
     @Context
     protected ClientConnection clientConnection;
@@ -94,7 +92,6 @@ public class UsersResource {
     public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager) {
         this.auth = auth;
         this.realm = realm;
-        this.tokenManager = tokenManager;
 
         auth.init(RealmAuth.Resource.USER);
     }
@@ -357,7 +354,10 @@ public class UsersResource {
 
         ClientModel client = realm.getClientByClientId(clientId);
         boolean revoked = user.revokeConsentForClient(client.getId());
-        if (!revoked) {
+        if (revoked) {
+            // Logout clientSessions for this user and client
+            AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers);
+        } else {
             throw new NotFoundException("Consent not found for user " + username + " and client " + clientId);
         }
     }
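Review bot: The result of `realm.getClientByClientId(clientId)` is dereferenced on the next line and is now also passed to `backchannelUserFromClient`, with no null check. If the lookup returns null for an unknown `clientId` (not visible here), this admin endpoint fails with a NullPointerException instead of a 404. A guard before the revoke would cover it: `if (client == null) throw new NotFoundException("Client not found");`. Unlike the account-service path, the visible code records no event for the revocation and forced logout, which would leave admin-initiated revocations out of the audit trail. The method starts outside the hunk, so an event may be emitted earlier.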