[keycloak-user] Two clients to share tokens

Pedro Igor Silva psilva at redhat.com
Fri Sep 6 16:32:30 EDT 2019


Hi,

I guess you are referring to ID Tokens.

If so, it is not possible. ID tokens represent the result of an
authentication, using a client that is acting on behalf of your users.
Distinct clients mean distinct ID Tokens and sessions on the server.
Keycloak tracks sessions on a per-client basis (grouped under a user
session).

Also, during authentication, in addition to the ID Token, you usually also
get (and need) an access token and refresh token. Only the client to which
those tokens were issued is allowed to use them.

Regards.
Pedro Igor


On Fri, Sep 6, 2019 at 12:45 PM Yang Yang <yy8402 at icloud.com> wrote:

> Hello,
>
> Is it possible for two clients of the same realm to share tokens?
>
> I am aware that when a user gets the token for a client, she will be
> redirected to get a new token when accessing another client. This is
> reasonable and necessary to stop attacks like CSRF, but if both of the two
> clients are trusted and registered on the same realm, we may be able to
> simplify the process.
>
> If possible, could you help tell me how to do it?
>
> Thanks,
> Yang
>
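
Added example, not part of the original thread and not Keycloak's own code: a client-side check that an ID token was issued to this client and not to another client of the same realm. The client ids `app-a` and `app-b`, the issuer URL and the sample token are constructed for illustration, and signature, issuer and expiry verification are assumed to happen separately.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    # Reads the payload only. Assumption: signature, issuer and expiry
    # are verified separately with a JOSE library before trusting claims.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))


def issued_to(claims: dict, client_id: str) -> bool:
    """aud must contain this client; azp, when present, must name it.
    Rejecting multi-audience tokens without azp is this example's choice."""
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        return False            # token was not issued for this client
    azp = claims.get("azp")
    if len(audiences) > 1 and azp is None:
        return False            # several audiences, no authorized party
    return azp is None or azp == client_id


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token; the signature segment is a dummy.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.c2ln"


# Constructed ID token issued to the hypothetical client "app-a".
TOKEN_FOR_APP_A = make_sample_token(
    {"iss": "https://sso.example.test/auth/realms/demo", "sub": "u-123",
     "aud": "app-a", "azp": "app-a"})

if __name__ == "__main__":
    claims = jwt_claims(TOKEN_FOR_APP_A)
    print("app-a accepts:", issued_to(claims, "app-a"))
    print("app-b accepts:", issued_to(claims, "app-b"))
```

A client that skips this check would accept a token minted for a different client, which is the sharing the reply says is not allowed.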