Keycloak cookies: KEYCLOAK_SESSION, Oauth_token_request_state, KEYCLOAK_IDENTITY
Can someone please explain the cookies set by Keycloak: KEYCLOAK_SESSION, Oauth_token_request_state, KEYCLOAK_IDENTITY.

What is the relevance of each cookie?

Erde answered 29/5, 2018 at 17:5 Comment(1)
Where have you retrieved them from? What's their content? - Carlinecarling
They are cookies for internal use of Keycloak.

KEYCLOAK_IDENTITY contains a token (JWT) with the user ids. You can view its content using jwt.io (for example). This cookie lives with your browser session and can also be refreshed with SSO (for example, if you change some of your personal data in "Manage my account").

KEYCLOAK_SESSION is your session id associated with the concerned realm.

Oauth_token_request_state is part of the OAuth spec in order to avoid hacking of the redirect link after login.

Mandi answered 13/6, 2018 at 14:45 Comment(7)
Why are these cookies not setting a secure flag? Any idea? - Prong

Does anybody know what KEYCLOAK_IDENTITY_LEGACY means? - Stapleton

Keycloak has evolved a lot since 2018, cookie management has changed, you might find a fresher answer in the official documentation than in this post: keycloak.org/docs/latest - Mandi

Can anyone tell me how I will get an access token from KEYCLOAK_IDENTITY, to connect with our backend service? - Summarize

Hello @MohankumarD, I think you should start a new question to get a better answer, this thread is over. Please don't forget to add more details in your question such as the Keycloak version and how you are using it. - Mandi

The LEGACY cookies were to deal with the SameSite cookie changes in Chrome and legacy issues with other browsers. They are effectively the same thing as the non-LEGACY versions but with different flags to handle the legacy browsers. - Steelmaker

I'm having issues with the size of these. Is it possible to remove these LEGACY cookies in any way? - Backspin
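
An added example (not part of the original answer or comments, and not Keycloak's own code): decoding the JWT carried in KEYCLOAK_IDENTITY locally, so a live session token never has to be pasted into a website, and listing the flags on each `Set-Cookie` line, which is what the Secure and SameSite comments above are about. The token, claims, realm URL and flag combinations are constructed sample data, not captured Keycloak output.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jwt_unverified(token: str):
    """Return (header, claims) of a compact JWT WITHOUT checking its signature.
    For inspection only: never base a trust decision on unverified claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, claims

def audit_set_cookie(line: str) -> dict:
    """Parse one Set-Cookie value and report missing protective flags."""
    first, *rest = [p.strip() for p in line.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    samesite = attrs.get("samesite")
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if samesite and samesite.lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return {"name": name, "value": value, "samesite": samesite, "findings": findings}

def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token and headers (assumed values, for illustration only).
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "HS256", "typ": "JWT"}),
    _b64url({"iss": "https://sso.example.test/realms/demo", "sub": "user-1234"}),
    "c2lnbmF0dXJl",  # placeholder signature segment, never verified here
])
SAMPLE_HEADERS = [
    f"KEYCLOAK_IDENTITY={SAMPLE_TOKEN}; Path=/realms/demo/; SameSite=None; HttpOnly",
    f"KEYCLOAK_IDENTITY_LEGACY={SAMPLE_TOKEN}; Path=/realms/demo/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        report = audit_set_cookie(line)
        print(report["name"], report["findings"], decode_jwt_unverified(report["value"])[1])
```
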
