I have setup Grafana to use local instance of keycloak using generic oAuth option. All the things work perfectly, it redirects user to the keycloak for login, then it redirects to home page of Grafana after successful login.
On signout, it logs out user first from Grafana and then from Keycloak and redirects the page to login.
I have also configured one more application (MyApp) to use keycloak as our authentication provider.
Lets say I logged in into MyApp (through keycloak) with user user123, it auto logs me in Grafana in separate tab. Which is really good.
Now, when I log out from MyApp, which internally calls keycloak logout, the another tab having Grafana doesnt log out. it stays with the active session. I checked in keycloak for that user session, it doesnt show any active session. This happens if I tries to logout from keycloak itself for the same user.
In appose to that, if I tries to logout from Grafana, the other all applications log out user and pages get redirected to login page.
I tried to use - token_rotation_interval_minutes = 1 (default is 10)
but it doesnt tries to rotate the token. is there any bug for above parameter not taking effect at all not for 1 min nor for 10 min. The session remain active even after 4-5 hours.
This is very important feature of oAuth and would like to know, if I am missing any setting in grafana.ini file or is there anything which can be fixed in Grafana modules?