[keycloak-dev] oauth clients and session problems
Stian Thorgersen
stian at redhat.com
Fri May 16 09:55:28 EDT 2014
Are you talking about 'tokens/grants/access'?
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 16 May, 2014 2:48:06 PM
> Subject: [keycloak-dev] oauth clients and session problems
>
> I think oauth grants are a different animal than application logins.
> Applications are part of an SSO session, while oauth grants will
> probably not want to be part of an SSO session. Why? If an Oauth grant
> requires entering in user credentials, right now, Keycloak will create a
> identity cookie. The user might not know in this situation that they
> need to logout.
>
> I was thinking that:
>
> 1. OAuth Client grant requests should always have a new session created
> for them.
> 2. OAuth client grant requests should not ever set any cookies. Its ok
> to use existing cookies for authentication though.
> 3. ssoSessionIdleTimeout and ssoSessionMaxLifespan should be overridable
> for each oauth client and application.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list