[keycloak-dev] Social saving state

Stian Thorgersen stian at redhat.com
Thu Aug 1 11:45:48 EDT 2013


The social providers needs to save some state between a request and a callback (client_id, state, etc.). I've come up with 3 alternatives of how to save this state:

* In http session
* In a session cookie (encoded json)
* In-memory - this would require a flushing mechanism (if callback never happens, for example user just closes browser)

I'm not able to convince myself which is the better (or least bad), so do you have any thoughts?


More information about the keycloak-dev mailing list