From d87fb3e02964f4dabdde4dacc6301285bb839b0e Mon Sep 17 00:00:00 2001
From: Rohith <gambol99@gmail.com>
Date: Fri, 6 May 2016 10:19:35 +0100
Subject: [PATCH] - shifing to version v1.0.6 (#62)

- updating the CHANGELOG and the README
---
 .gitignore   | 1 +
 CHANGELOG.md | 7 +++++++
 README.md    | 6 +++++-
 doc.go       | 2 +-
 4 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index e3d5ef7..8034d34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 
+*.swp
 .idea/
 bin/
 release/
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e07dc3e..af5aa4c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,11 @@
 
+#### **1.0.6 (May 6th, 2016)**
+
+FIXES:
+ * Fixed the logout endpoint, ensuring users sessions are revoked. Note: i've not really tested this against Keycloak
+   and Google. Revocation or logouts seems to have somewhat scattered implementation across providers.
+
+
 #### **1.0.5 (May 3th, 2016)**
 
 FEATURES:
diff --git a/README.md b/README.md
index 8cba78e..e01d0e6 100644
--- a/README.md
+++ b/README.md
@@ -318,10 +318,14 @@ which was signed by the CA being used.
 
 Refresh tokens are either be stored as an encrypted cookie or placed (encrypted) in a shared / local store. At present, redis and boltdb are the only two methods supported. To enable a local boltdb store. --store-url boltdb:///PATH or relative path boltdb://PATH. For redis the option is redis://HOST:PORT. In both cases the refresh token is encrypted before placing into the store
 
-#### **- Refresh & Offline Tokens**
+#### **- Refresh Tokens**
 
 Assuming access response responds with a refresh token and the --enable-refresh-token is true, the proxy will automatically refresh the access token for you. The tokens themselves are kept either as an encrypted (--encryption-key=KEY) cookie (cookie name: kc-state). Alternatively you can place the refresh token (still requires encryption key) in a local boltdb file or shared redis. Naturally the encryption key has to be the same on all instances and boltdb is for single instance only developments.
 
+#### **- Logout Endpoint**
+
+A /oauth/logout?redirect=url is provided as a helper to logout the users, aside from dropping a sessions cookies, we also attempt to refrevoke session access via revocation url (config revocation-url or --revocation-url) with the provider. For keycloak the url for this would be https://keycloak.example.com/auth/realms/REALM_NAME/protocol/openid-connect/logout, for google /oauth/revoke 
+
 #### **- Cross Origin Resource Sharing (CORS)**
 
 You are permitted to add CORS following headers into the /oauth uri namespace
diff --git a/doc.go b/doc.go
index 084992f..05b9cb5 100644
--- a/doc.go
+++ b/doc.go
@@ -22,7 +22,7 @@ import (
 
 const (
 	prog        = "keycloak-proxy"
-	version     = "v1.0.5"
+	version     = "v1.0.6"
 	author      = "Rohith"
 	email       = "gambol99@gmail.com"
 	description = "is a proxy using the keycloak service for auth and authorization"
-- 
GitLab