This repository was archived by the owner on Apr 18, 2024. It is now read-only.
This repository was archived by the owner on Apr 18, 2024. It is now read-only.
frontchannel logout with firefox not working #30
Description
Hello,
It seems frontchannel logout with firefox doesn't remove all session info.
After the first logout from the web app, every login attempt end up with a kong error page.
If I remove all cookies or use a private window then login works fine.
The keycloak session is removed
There is no issue with chrome/chromium.
I tried different version of firefox.
I compared cookies handling between firefox and chrome. I didn't notice any difference.
There is an error in kong log:
state from argument: .... does not match state restored from session
I tried hard-coding the session_secret (as advised in some lua-resty-openidc issue) but it didn't fix anything.
Did someone manage to have oidc working with firefox ?
(partial) deck yaml config:
- hosts:
- {{myhost}}
name: myroute
paths:
- /
- /logout
plugins:
- config:
access_token_as_bearer: 'yes'
access_token_header_name: Authorization
bearer_only: 'no'
client_id: myclientid
client_secret: xxxxxxxxxx
session_secret: xxxxxxxxxxx
discovery: https://{{myauthhost}}/realms/MY-APP/.well-known/openid-configuration
introspection_endpoint: https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token/introspect
introspection_endpoint_auth_method: client_secret_post
ssl_verify: 'no'
realm: MY-APP
logout_path: /logout
revoke_tokens_on_logout: 'yes'
redirect_after_logout_uri: https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/logout?post_logout_redirect_uri=https://{{myhost}}
redirect_after_logout_with_id_token_hint: 'yes'
response_type: code token
name: oidc
protocols:
- https
strip_path: falsekeycloak client config:
{
"clientId": "myclient",
"name": "",
"description": "Client used by kong plugins oidc",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "https://{{myhost}}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "xxxxxxxxxxxxxxxxx",
"redirectUris": [
"",
"https://{{myauthhost}}/",
"https://{{myauthhost}}",
"https://{{myauthhost}}/*",
"https://{{myhost}}",
"https://{{myhost}}/",
"https://{{myhost}}/*"
],
"webOrigins": [
"",
"+"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"login_theme": "my-app",
"frontchannel.logout.url": "https://{{myhost}}/logout",
"post.logout.redirect.uris": "+",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"use.refresh.tokens": "false",
"exclude.session.state.from.auth.response": "false",
"tls-client-certificate-bound-access-tokens": "false",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "false",
"client_credentials.use_refresh_token": "false",
"acr.loa.map": "{}",
"require.pushed.authorization.requests": "false",
"display.on.consent.screen": "false",
"token.response.type.bearer.lower-case": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
},
{
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
},
{
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientId",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientId",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}kong log for first logout with firefox
2023/01/23 16:22:49 [debug] 515215#0: *13338495 [lua] init.lua:288: [cluster_events] polling events from: 1674028682.787
2023/01/23 16:22:54 [debug] 515215#0: *13338639 [lua] init.lua:288: [cluster_events] polling events from: 1674028682.787
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] handler.lua:89: make_oidc(): OidcHandler calling authenticate, requested path: /logout
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] session.lua:630: start(): session.start
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] session.lua:584: open(): session.open
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] session.lua:262: get_cookie(): cookie name: cookie_session
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] session.lua:262: get_cookie(): cookie name: cookie_session_2
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] session.lua:611: open(): cookie found
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] openidc.lua:1421: authenticate(): Logout path (/logout) is currently navigated -> Processing local session removal before redirecting to next step of logout process
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] openidc.lua:553: openidc_discover(): openidc_discover: URL is: https://{{myauthhost}}/realms/MY-APP/.well-known/openid-configuration
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] openidc.lua:559: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2023/01/23 16:22:54 [debug] 515222#0: *13336346 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:22:54 [debug] 515221#0: *13336351 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:54 [debug] 515221#0: *13336351 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:572: openidc_discover(): response data: {"issuer":"https://{{myauthhost}}/realms/MY-APP","authorization_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/auth","token_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token","introspection_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/userinfo","end_session_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/certs","check_session_iframe":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:token-exchange"],"acr_values_supported":["0","1"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"https://{{myauthhost}}/realms/MY-APP/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","acr","phone","offline_access","address","microprofile-jwt","email","profile","web-origins"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_sup
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:1234: openidc_logout(): openidc logout
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] session.lua:630: start(): session.start
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] session.lua:632: start(): session is already started
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:1247: openidc_logout(): revoke_tokens_on_logout is enabled. trying to revoke access and refresh tokens...
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:460: call_token_endpoint(): client_secret_post: client_id and client_secret being sent in POST body
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:508: call_token_endpoint(): request body for revocation endpoint call: token=xxx.yyy.zzz-aa-bb-cc-dd-ee&client_id=client_id&token_type_hint=access_token&client_secret=myclientsecret
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:22:55 [debug] 515221#0: *13336351 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:55 [debug] 515221#0: *13336351 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:526: call_token_endpoint(): revocation endpoint response:
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] openidc.lua:1221: openidc_revoke_token(): revocation of access_token successful
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:55 [debug] 515222#0: *13336346 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] handler.lua:89: make_oidc(): OidcHandler calling authenticate, requested path: /
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:630: start(): session.start
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:584: open(): session.open
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:262: get_cookie(): cookie name: cookie_session
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:623: open(): cookie not found => regenerate
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:640: start(): session not present
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:646: start(): session created
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:1449: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:553: openidc_discover(): openidc_discover: URL is: https://{{myauthhost}}/realms/MY-APP/.well-known/openid-configuration
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:559: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:22:56 [debug] 515221#0: *13336351 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:56 [debug] 515221#0: *13336351 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:572: openidc_discover(): response data: {"issuer":"https://{{myauthhost}}/realms/MY-APP","authorization_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/auth","token_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token","introspection_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/userinfo","end_session_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/certs","check_session_iframe":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:token-exchange"],"acr_values_supported":["0","1"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"https://{{myauthhost}}/realms/MY-APP/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","acr","phone","offline_access","address","microprofile-jwt","email","profile","web-origins"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_sup
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:1480: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] handler.lua:89: make_oidc(): OidcHandler calling authenticate, requested path: /service-worker.js
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:630: start(): session.start
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:584: open(): session.open
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:262: get_cookie(): cookie name: cookie_session
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:623: open(): cookie not found => regenerate
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:640: start(): session not present
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] session.lua:646: start(): session created
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:1449: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:553: openidc_discover(): openidc_discover: URL is: https://{{myauthhost}}/realms/MY-APP/.well-known/openid-configuration
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:559: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:22:56 [debug] 515221#0: *13336351 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:56 [debug] 515221#0: *13336351 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:572: openidc_discover(): response data: {"issuer":"https://{{myauthhost}}/realms/MY-APP","authorization_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/auth","token_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token","introspection_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/userinfo","end_session_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/certs","check_session_iframe":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:token-exchange"],"acr_values_supported":["0","1"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"https://{{myauthhost}}/realms/MY-APP/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","acr","phone","offline_access","address","microprofile-jwt","email","profile","web-origins"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_sup
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] openidc.lua:1480: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:56 [debug] 515222#0: *13336346 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] handler.lua:89: make_oidc(): OidcHandler calling authenticate, requested path: /service-worker.js
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] session.lua:630: start(): session.start
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] session.lua:584: open(): session.open
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] session.lua:262: get_cookie(): cookie name: cookie_session
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] session.lua:611: open(): cookie found
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:1449: authenticate(): session.present=true, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:553: openidc_discover(): openidc_discover: URL is: https://{{myauthhost}}/realms/MY-APP/.well-known/openid-configuration
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:559: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:22:57 [debug] 515221#0: *13336351 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:57 [debug] 515221#0: *13336351 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:572: openidc_discover(): response data: {"issuer":"https://{{myauthhost}}/realms/MY-APP","authorization_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/auth","token_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token","introspection_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/userinfo","end_session_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/certs","check_session_iframe":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:token-exchange"],"acr_values_supported":["0","1"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"https://{{myauthhost}}/realms/MY-APP/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","acr","phone","offline_access","address","microprofile-jwt","email","profile","web-origins"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_sup
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] openidc.lua:1480: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:22:57 [debug] 515222#0: *13336346 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:22:59 [debug] 515215#0: *13338783 [lua] init.lua:288: [cluster_events] polling events from: 1674028682.787
kong log for logout with chromium
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] handler.lua:89: make_oidc(): OidcHandler calling authenticate, requested path: /logout
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:630: start(): session.start
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:584: open(): session.open
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:262: get_cookie(): cookie name: cookie_session
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:262: get_cookie(): cookie name: cookie_session_2
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:611: open(): cookie found
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:1421: authenticate(): Logout path (/logout) is currently navigated -> Processing local session removal before redirecting to next step of logout process
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:553: openidc_discover(): openidc_discover: URL is: https://{{myauthhost}}/realms/MY-APP/.well-known/openid-configuration
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:559: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:03:47 [debug] 515218#0: *13305464 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:03:47 [debug] 515218#0: *13305464 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:572: openidc_discover(): response data: {"issuer":"https://{{myauthhost}}/realms/MY-APP","authorization_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/auth","token_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token","introspection_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/userinfo","end_session_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/certs","check_session_iframe":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:token-exchange"],"acr_values_supported":["0","1"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"https://{{myauthhost}}/realms/MY-APP/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","acr","phone","offline_access","address","microprofile-jwt","email","profile","web-origins"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_sup
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:1234: openidc_logout(): openidc logout
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:630: start(): session.start
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:632: start(): session is already started
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:1247: openidc_logout(): revoke_tokens_on_logout is enabled. trying to revoke access and refresh tokens...
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:460: call_token_endpoint(): client_secret_post: client_id and client_secret being sent in POST body
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:508: call_token_endpoint(): request body for revocation endpoint call: token=xxx.yyy.zzz-aa-bb&token_type_hint=access_token&client_id={{myclient}}&client_secret={{my_client_secret}}
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:03:47 [debug] 515218#0: *13305464 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:03:47 [debug] 515218#0: *13305464 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:526: call_token_endpoint(): revocation endpoint response:
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:1221: openidc_revoke_token(): revocation of access_token successful
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] handler.lua:89: make_oidc(): OidcHandler calling authenticate, requested path: /
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:630: start(): session.start
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:584: open(): session.open
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:262: get_cookie(): cookie name: cookie_session
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:623: open(): cookie not found => regenerate
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:640: start(): session not present
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] session.lua:646: start(): session created
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:1449: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:553: openidc_discover(): openidc_discover: URL is: https://{{myauthhost}}/realms/MY-APP/.well-known/openid-configuration
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:559: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2023/01/23 16:03:47 [debug] 515221#0: *13305291 [lua] openidc.lua:427: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2023/01/23 16:03:47 [debug] 515218#0: *13305464 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:03:47 [debug] 515218#0: *13305464 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] openidc.lua:572: openidc_discover(): response data: {"issuer":"https://{{myauthhost}}/realms/MY-APP","authorization_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/auth","token_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token","introspection_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/token/introspect","userinfo_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/userinfo","end_session_endpoint":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/logout","frontchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"jwks_uri":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/certs","check_session_iframe":"https://{{myauthhost}}/realms/MY-APP/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:token-exchange"],"acr_values_supported":["0","1"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"request_object_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512","none"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"response_modes_supported":["query","fragment","form_post","query.jwt","fragment.jwt","form_post.jwt","jwt"],"registration_endpoint":"https://{{myauthhost}}/realms/MY-APP/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"token_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"introspection_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post","tls_client_auth","client_secret_jwt"],"introspection_endpoint_auth_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_signing_alg_values_supported":["PS384","ES384","RS384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA1_5"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["aud","sub","iss","auth_time","name","given_name","family_name","preferred_username","email","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"scopes_supported":["openid","roles","acr","phone","offline_access","address","microprofile-jwt","email","profile","web-origins"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"code_challenge_methods_sup
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 1 => private_key_jwt
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 2 => client_secret_basic
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] openidc.lua:658: openidc_get_token_auth_method(): 3 => client_secret_post
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] openidc.lua:660: openidc_get_token_auth_method(): configured value for token_endpoint_auth_method (client_secret_post) found in token_endpoint_auth_methods_supported in metadata
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] openidc.lua:688: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_post
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] openidc.lua:1480: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] init.lua:1006: balancer(): setting address (try 1): xxx.xxx.xxx.xxx:xxx
2023/01/23 16:03:48 [debug] 515221#0: *13305291 [lua] init.lua:1035: balancer(): enabled connection keepalive (pool=xxx.xxx.xxx.xxx|xxx|{{myauthhost}}, pool_size=60, idle_timeout=60, max_requests=100)
2023/01/23 16:03:48 [debug] 515220#0: *13305529 [lua] init.lua:288: [cluster_events] polling events from: 1674028682.787
kong_log_chromium_second_login.txt
kong_log_firefox_second_login.txt