On 27.3.2015 17:22, Sebastian Rose wrote:
> Hi everyone,
> The endpoint /auth/realms/<realm>/protocol/openid-connect/access/codes
> has a parameter for the session id of a secured application (adapters
> use it): application_session_state. The endpoint
> /auth/realms/<realm>/protocol/openid-connect/refresh has not. At least
> this is what I saw within the code. Sorry, if it's there.
> We have integrated our own application a la adapter, using these two
> URLs and it's working fine. Our application completes the login via
> the first endpoint and changes its session id after the successful
> login. This means when a logout event is sent to our application, the
> old session id is used.
So you're not using the servlet API but something completely different?
Which framework are you using? Just curious about your use case, as in a
normal servlet application the HttpSession ID is the same for the whole life
of user interaction and doesn't need to be changed after authentication
(or during refresh).
Marek
> So I'm asking if it makes sense to you to have the same parameter for
> the refresh-url to cover our requirement or to integrate an
> application_session_state update endpoint to add/delete/update
> additional/new session IDs.
> Best Regards
> Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev