[keycloak-user] Sessions vs Tokens

Matt H tsdgcc2087 at outlook.com
Wed Dec 14 14:18:52 EST 2016


I'm not sure how best to describe this, but I have seen times when I called a secured endpoint (secured with the Spring Security adapter) but a token was not passed and I was able to gain access. The first time I went to a secured endpoint I had to log into Keycloak to authenticate, but then on each request, only a session ID was passed and no JWT. Is this the standard behavior? If there is no JWT, where are the claims read from?


Matt

