Keycloak cookies : KEYCLOAK_SESSION,Oauth_token_request_state, KEYCLOAK_IDENTITY

keycloak keycloak-services
siddhartha chakraborty picture siddhartha chakraborty · May 29, 2018 · Viewed 13.9k times · Source

Can someone please explain the cookies set by Keycloak: KEYCLOAK_SESSION,Oauth_token_request_state, KEYCLOAK_IDENTITY.

What is the relevance of each cookies?

Answer

antoine picture antoine · Jun 13, 2018

They are cookies for internal use of Keycloak.

KEYCLOAK_IDENTITY contains a token (JWT) with the user ids. You can view its content using jwt.io (for example). This cookie lives with your browser session and can also be refreshed with SSO. (for example, if you change some of your personal data in the "Manage my account")

KEYCLOAK_SESSION your session id associated to the concerned realm.

Oauth_token_request_state is part of the Oauth spec in order to avoid hacking of the redirect link after login

Related questions

Avoid keycloak default login page and use project login page

I am working on creating an angular.js web application and looking for how to integrate keycloak into the project. I have read and watched many tutorials and I see that most of them have users logging/registering through the …

Read More
Access the keycloak API from postman

I have tried to access the keycloak API from the postman. but it is showing 400 bad request. I was calling api in the below format. http://{hostname}:8080/auth/realms/master/protocol/openid-connect/token?username=admin&password=admin&client_…

Read More
KeyCloak User validation and getting token

First of all I am very new to Keycloak and excuse me if something I am asking might be wrong. I have installed the Keycloak server and I can access the Web UI for the same using: http://localhost:8008/auth …

Read More