[keycloak-user] Remove session code from URL to prevent security vulnerability

Wednesday, 22 May 2019

When authenticating from KeyCloak login page it pass session code as a
query param. Are there a way to avoid this and pass session code in
different manner (ex: as a header param)

POST
https://xxx/auth/realms/xxx/login-actions/authenticate?session_code=xxxxx...
HTTP/1.1

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

[keycloak-user] Remove session code from URL to prevent security vulnerability