[keycloak-dev] Shouldn't external token be stored in UserSession?

Bill Burke bburke at redhat.com
Mon Mar 23 10:10:56 EDT 2015


Why is the external token stored in actual user storage 
(FederatedIdentityModel)?  The token is really something specific to the 
UserSession and belongs there.

Also, there may not be one single item for "external token".  For 
example, OIDC has both an IDToken and access token.  The IDToken is 
actually used to perform a logout according to the OIDC logout profile.

Right now, our code is storing the AccessTokenResponse for OIDC, and the 
entire login response for SAML.
-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

