Hi everyone,
The endpoint /auth/realms/<realm>/protocol/openid-connect/access/codes has a
parameter for the session id of a secured application (adapters use it):
application_session_state. The Endpoint
/auth/realms/<realm>/protocol/openid-connect/refresh has not. At least this is what
i saw within the code. Sorry, if it's there.
We have integrated our own application a la adapter, using these two url's and
it's working fine. Our application completes the login via the first endpoint and
changes it's session id after the successful login. This means when a logout event is
send to our application, the old session id is used.
So i'm asking if it makes sense to you to have the same parameter for the refresh-url
to cover our requirement or to integrate an application_session_state update endpoint to
add/delete/update additional/new session id's.
Best Regrads
Sebastian