[keycloak-dev] Cookie token storage for Spring Security

Hi all, It seems that "token-store: cookie" is not implemented for the Spring Security adapter. I would be happy to have a go at it, if nobody objects. One thing I'm wondering is why the cookie path for the adapter state cookie is always set to the context root in CookieTokenStore. In particular, it would seem that if I change the Spring Security adapter in a straightforward way to store the cookies, the cookie would always be set on "/sso", which would not be very useful. A second question I had is about the redirect after login. Currently the redirect location is stored in the HTTP session. Since you would typically enable "token-store: cookie" to get rid of HTTP sessions, that would also have to change. I couldn't really figure out how other adapters were doing this, and I don't have the time at the moment to experiment with the other adapters to see what happens; if someone could give me some pointers then that would be very helpful. Best regards, Sjoerd Cranen