[keycloak-dev] Cross-DC and codeToToken request
bburke at redhat.com
Wed May 24 10:30:23 EDT 2017
On 5/24/17 9:38 AM, Stian Thorgersen wrote:
> On 24 May 2017 at 15:04, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
> We've talked about this earlier in the thread. The User session
> is needed as brokering or some other component might have stored
> temporary data within the user session that is being mapped to a
> claim. This will become especially important when we implement
> no-import brokering. Either the code has to contain all claims,
> or the user session has to be available.
> That's the part that I don't understand. Why would it even contain
> anything if the code is just a permission to obtain a token. We invoke
> any protocol mappers or anything until the first token is created.
I'm just saying that you may need information in the UserSession to be
able to create a token. Protocol mappers are iterated when deciding to
show the consent screen. I'm not sure why protocol mappers were stored
in the user session. Marek will have to answer that question.
More information about the keycloak-dev