在Openresty和Keycloak中使用lua-resty-openidc进行会话超时/会话结束

我正在尝试配置 OpenResty NGINX 服务器,配合 lua-resty-openidc 为网站提供身份验证。

请问是否有人知道如何让会话结束或者强制客户端刷新令牌?

我测试了在身份提供者 Keycloak 中结束(登出)该会话,但什么也没有发生:用户仍然停留在网站上并可以继续访问,无需重新验证身份。

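access_by_lua '
    -- Relying-party (RP) configuration for lua-resty-openidc, authorization code flow.
    --
    -- The "session" enforced here is the lua-resty-session cookie held by the
    -- browser; it is independent of the Keycloak SSO session. Ending the session
    -- in Keycloak does not touch this cookie, so the user stays logged in until
    -- the cookie expires or this proxy talks to Keycloak again (see the token
    -- refresh settings below). The cookie lifetime itself is governed by
    -- lua-resty-session ($session_cookie_lifetime) -- confirm the configured value.
    local opts = {
        redirect_uri = "https://domain/redirect_uri",
        -- Never accept unsigned (alg=none) ID tokens. Keycloak signs its tokens;
        -- accepting "none" would let an unsigned token pass signature verification.
        accept_none_alg = false,
        discovery = "https://a.domain/auth/realms/realm/.well-known/openid-configuration",
        client_id = "CLIENT",
        -- Placeholder value. Keep the real secret out of this file / version
        -- control (e.g. an included file with restricted permissions).
        client_secret = "SEEECREET",
        redirect_uri_scheme = "https",
        logout_path = "/logout",
        -- NOTE(review): newer Keycloak releases deprecate the redirect_uri logout
        -- parameter in favour of post_logout_redirect_uri plus id_token_hint --
        -- confirm against the Keycloak version in use.
        redirect_after_logout_uri = "https://a.domain/auth/realms/realm/protocol/openid-connect/logout?redirect_uri=https://www.domain",
        redirect_after_logout_with_id_token_hint = false,
        -- Store the access token (and with it the refresh token) in addition to
        -- the ID token. With only id_token stored there is nothing for
        -- renew_access_token_on_expiry to renew, so the proxy never re-contacts
        -- Keycloak after login and a session ended in Keycloak is never noticed.
        -- (In lua-resty-openidc the access_token entry also carries the refresh
        -- token -- verify against the installed version.)
        session_contents = {id_token=true, access_token=true},
        -- Fallback lifetime in seconds, used only when the token endpoint response
        -- carries no expires_in.
        access_token_expires_in = 3600,
        -- When the access token expires, refresh it against Keycloak. If Keycloak
        -- rejects the refresh (e.g. the SSO session was ended) the user is sent
        -- back through authentication instead of keeping the stale session.
        renew_access_token_on_expiry = true
    }

    local oidc = require("resty.openidc")
    -- authenticate() runs the OIDC code flow (redirecting to Keycloak when there
    -- is no valid session) and returns the session contents, or nil plus an error.
    local res, err = oidc.authenticate(opts)

    -- Log the failure server-side and answer with a generic 500. Echoing err to
    -- the client would leak IdP / configuration details.
    if err then
        ngx.log(ngx.ERR, "openidc authenticate failed: ", err)
        ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
    end

    -- Returns true when roles contains wanted. roles may be a string (searched as
    -- a plain substring, as the original check did) or an array of role names.
    -- Anything else, including an empty string, is treated as "no roles".
    local function has_role(roles, wanted)
        if type(roles) == "table" then
            for _, role in ipairs(roles) do
                if role == wanted then
                    return true
                end
            end
            return false
        end
        if type(roles) ~= "string" or roles == "" then
            return false
        end
        return string.find(roles, wanted, 1, true) ~= nil
    end

    local id_token = res.id_token or {}
    -- tostring() keeps the log line from raising when the claim is absent; a nil
    -- concatenation would turn the intended 403 into a 500.
    local user = tostring(id_token.preferred_username)
    -- NOTE(review): this assumes a flat "roles" claim in the ID token. Keycloak
    -- normally exposes realm roles under realm_access.roles unless a protocol
    -- mapper adds such a claim -- confirm the client mapper configuration.
    local roles = id_token.roles

    if roles == nil or roles == "" then
        ngx.log(ngx.INFO, "No Roles, therefore denied access to ", user)
        ngx.exit(ngx.HTTP_FORBIDDEN)
    end

    if not has_role(roles, "searchRole") then
        ngx.log(ngx.INFO, "Denied acces to ", user)
        ngx.exit(ngx.HTTP_FORBIDDEN)
    end
';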
