From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 16 May, 2014 2:48:06 PM
Subject: [keycloak-dev] oauth clients and session problems
I think oauth grants are a different animal than application logins.
Applications are part of an SSO session, while oauth grants will
probably not want to be part of an SSO session. Why? If an OAuth grant
requires entering in user credentials, right now, Keycloak will create an
identity cookie. The user might not know in this situation that they
need to log out.
I was thinking that:
1. OAuth Client grant requests should always have a new session created
for them.
2. OAuth client grant requests should not ever set any cookies. It's ok
to use existing cookies for authentication though.
3. ssoSessionIdleTimeout and ssoSessionMaxLifespan should be overridable
for each oauth client and application.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
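An added example, not Bill's code and not Keycloak's, modelling the three rules above: an OAuth grant may be authenticated by an existing identity cookie but always gets its own fresh session and never sets a cookie, while an application login joins (or starts) the SSO session, and idle/max timeouts fall back from a hypothetical per-client override to the realm default. Class and function names are assumptions, as are the sample timeouts.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model of the proposal (not Keycloak code); times are epoch seconds.
@dataclass
class Client:
    is_oauth_client: bool                 # True: OAuth grant client, False: SSO application
    idle_timeout: Optional[int] = None    # rule 3: per-client override, None = realm default
    max_lifespan: Optional[int] = None
@dataclass
class Session:
    id: int
    user: str
    started: int
    last_access: int

@dataclass
class Realm:
    sso_idle_timeout: int = 1800
    sso_max_lifespan: int = 36000
    sessions: dict = field(default_factory=dict)
    next_id: int = 1

def effective_timeouts(realm, client):
    idle = realm.sso_idle_timeout if client.idle_timeout is None else client.idle_timeout
    maxl = realm.sso_max_lifespan if client.max_lifespan is None else client.max_lifespan
    return idle, maxl

def session_valid(realm, client, session, now):
    idle, maxl = effective_timeouts(realm, client)
    return now - session.last_access <= idle and now - session.started <= maxl

def new_session(realm, user, now):
    s = Session(realm.next_id, user, now, now)
    realm.next_id += 1
    realm.sessions[s.id] = s
    return s

def handle_login(realm, client, user, now, identity_cookie=None):
    """user: principal whose credentials were just verified; identity_cookie: session
    id from the browser's identity cookie. Returns (session, cookie_to_set_or_None)."""
    existing = realm.sessions.get(identity_cookie)
    if existing and not session_valid(realm, client, existing, now):
        existing = None                      # stale cookie counts as not logged in
    if client.is_oauth_client:               # rules 1 and 2: cookie may authenticate,
        principal = existing.user if existing else user   # but grant gets a fresh
        return new_session(realm, principal, now), None   # session and sets no cookie
    if existing:                             # application joins the SSO session
        existing.last_access = now
        return existing, None
    s = new_session(realm, user, now)        # fresh SSO login: identity cookie set
    return s, s.id
```

The point of rule 2 shows up in the first call: a grant that required credentials leaves no identity cookie behind, so the browser has no SSO session the user would need to log out of.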