[keycloak-dev] application session state update
Marek Posolda
mposolda at redhat.com
Mon Mar 30 17:00:03 EDT 2015
On 27.3.2015 17:22, Sebastian Rose wrote:
>
> Hi everyone,
>
> The endpoint /auth/realms/<realm>/protocol/openid-connect/access/codes
> has a parameter for the session id of a secured application (adapters
> use it): application_session_state. The Endpoint
> /auth/realms/<realm>/protocol/openid-connect/refresh has not. At least
> this is what i saw within the code. Sorry, if it's there.
>
> We have integrated our own application a la adapter, using these two
> url's and it's working fine. Our application completes the login via
> the first endpoint and changes it's session id after the successful
> login. This means when a logout event is send to our application, the
> old session id is used.
>
So you're not using servlet API but something completely different?
Which framework are you using? Just curious about your usecase as in
normal servlet application the HttpSession ID is same for the whole life
of user interaction and doesn't need to be changed after authentication
(or during refresh).
Marek
>
> So i'm asking if it makes sense to you to have the same parameter for
> the refresh-url to cover our requirement or to integrate an
> application_session_state update endpoint to add/delete/update
> additional/new session id's.
>
> Best Regrads
>
> Sebastian
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150330/5546e1db/attachment.html
More information about the keycloak-dev
mailing list