Hi folks,   I have a question about access token. I've admit that I didn't read in toto the openidc spec :( I have a mobile app that has an access token used for API invocation and I need to open a webview to show a private page.  I've read that I need to set the state cookie ( http://lists.jboss.org/ pipermail/keycloak-user/2016-October/007911.html ) with a redirect, and I can do it. But how can I get a code parameter from an access token? Maybe is there another way to do it? Thanks, Domenico Briganti