Hi, I'm currently using Keycloak as the OIDC provider.
I'm testing out the Logout button, and it seems that Keycloak requires either client_id or id_token_hint for their logout.
I know this is a 'recommended/optional' parameter per spec (https://openid.net/specs/openid-connect-rpinitiated-1_0.html), but currently thereis no way I can customize the URL through configuration.
Would it be possible to include the either the client_id or id_token_hint in the logout for the sake of abiding to the specification?
I'm guessing adding the client_id is the easiest fix.
Keycloak logs:
2026-02-24 08:41:37,353 WARN [org.keycloak.events] (executor-thread-23) type="LOGOUT_ERROR", realmId="1f1383ad-637a-4c39-9af3-7bf1261bd166", realmName="test-realm", clientId="null", userId="null", ipAddress="192.168.0.2", error="invalid_request", reason="Either the parameter 'client_id' or the parameter 'id_token_hint' is required when 'post_logout_redirect_uri' is used."
2026-02-24 08:41:37,353 WARN [org.keycloak.protocol.oidc.endpoints.LogoutEndpoint] (executor-thread-23) Either the parameter 'client_id' or the parameter 'id_token_hint' is required when 'post_logout_redirect_uri' is used.
Related question: #186
Related issue: #125
Hi, I'm currently using Keycloak as the OIDC provider.
I'm testing out the Logout button, and it seems that Keycloak requires either
client_idorid_token_hintfor their logout.I know this is a 'recommended/optional' parameter per spec (https://openid.net/specs/openid-connect-rpinitiated-1_0.html), but currently thereis no way I can customize the URL through configuration.
Would it be possible to include the either the
client_idorid_token_hintin the logout for the sake of abiding to the specification?I'm guessing adding the
client_idis the easiest fix.Keycloak logs:
Related question: #186
Related issue: #125