Hi everyone,

The endpoint /auth/realms/<realm>/protocol/openid-connect/access/codes has a parameter for the session id of a secured application (adapters use it): application_session_state. The Endpoint /auth/realms/<realm>/protocol/openid-connect/refresh has not. At least this is what i saw within the code. Sorry, if it's there.

We have integrated our own application a la adapter, using these two url's and it's working fine. Our application completes the login via the first endpoint and changes it's session id after the successful login. This means when a logout event is send to our application, the old session id is used.

So i'm asking if it makes sense to you to have the same parameter for the refresh-url to cover our requirement or to integrate an application_session_state update endpoint to add/delete/update additional/new session id's.

Best Regrads

Sebastian