[keycloak-user] Keycloak OAuth_Token_Request_State Cookie is not secure

Hossein Doutaghy hossein.doutaghy at gmail.com
Fri Sep 14 19:00:37 EDT 2018


Hi,

I have observed that all the Keycloak cookies are secured except the
OAuth_Token_Request_State cookie.

1) Does this cookie need to be flagged as secure?
2) What kind of data is stored in this cookie? And what is it used for?

This Keycloak commit shows the work was done to set the secure flag on
the OAuth_Token_Request_State cookie back in 2016, but I am not seeing
this cookie to be secure in my Keycloak server.

https://github.com/keycloak/keycloak/commit/57b6ddbace135e4701f3d3e309282ed8459d58ff


Thanks,
Moe

