對于用戶的登出/注銷操作，都可以設置一個回調接口，這個接口是作用到client上面的，并且必須是POST接口，相關回調方法的調用，可以參考keycloak14.0.0的這個方法:

• org.keycloak.services.managers.sendBackChannelLogoutRequestToClientUri
• 核心代碼段

LogoutToken logoutToken = session.tokens().initLogoutToken(resource, user, clientSessionModel);
String token = session.tokens().encode(logoutToken);
if (logger.isDebugEnabled())
    logger.debugv("logout resource {0} url: {1} sessionIds: ", resource.getClientId(), managementUrl);
HttpPost post = null;
try {
    post = new HttpPost(managementUrl);
    List<NameValuePair> parameters = new LinkedList<>();
    if (logoutToken != null) {
        parameters.add(new BasicNameValuePair(OAuth2Constants.LOGOUT_TOKEN, token));
    }
    CloseableHttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient();
    UrlEncodedFormEntity formEntity;
    formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
    post.setEntity(formEntity);
    try (CloseableHttpResponse response = httpClient.execute(post)) {
        try {
            int status = response.getStatusLine().getStatusCode();
            EntityUtils.consumeQuietly(response.getEntity());
            boolean success = status == 204 || status == 200;
            logger.debugf("logout success for %s: %s", managementUrl, success);
            return Response.status(status).build();
        } finally {
            EntityUtils.consumeQuietly(response.getEntity());
        }
    }
} catch (IOException e) {
    ServicesLogger.LOGGER.logoutFailed(e, resource.getClientId());
    return Response.serverError().build();
} finally {
    if (post != null) {
        post.reset();
    }
}

登出回調的配置

1 keycloak對client的配置

2 回調方法配置

3 回調接口日志輸出