What do the state, session_state and code URL parameters represent in the URL string after getting a redirect after logging in via Keycloak?
I do keycloak.init to require a login and get redirected to the ChatPage portion of my react app:
    this.state.appKeycloak.init({
      onLoad: 'login-required',
      redirectUri: 'http://localhost:3000/ChatPage'
    })
After logging in to my local react app on http://localhost:3000 I see this in the URL:
http://localhost:3000/ChatPage#state=7....1&session_state=e...70&code=c...f6
What do the state, session_state, and code fields represent? Do any of them have the token I can decode to get the user's login information?
Asked Sep 20, 2023 at 2:11 by CAMD_3441

2 Answers
No, none of them do. Those are all parameters from various standards.

code is used for authorization code flow to exchange for the tokens at the token endpoint. You can get the access_token, refresh_token and id_token at the token endpoint by using the code.

state is used to prevent CSRF attacks, either by attackers initiating requests to the authorization endpoint or forging responses to the application redirect endpoint.

session_state is part of the OpenID Connect Session Management specification, where you use an iframe to check if the SSO user has logged out, for instance.
Likely what you really want to know is the following:

    // init() resolves to true once the adapter has completed the login
    const authenticated = await keycloak.init({
      onLoad: 'login-required',
      redirectUri: 'http://localhost:3000/ChatPage'
    });
    if (authenticated) {
      // Raw tokens and their decoded payloads, as exposed by the adapter
      console.log(keycloak.token);
      console.log(keycloak.tokenParsed);
      console.log(keycloak.idToken);
      console.log(keycloak.idTokenParsed);
      console.log(keycloak.refreshToken);
      console.log(keycloak.refreshTokenParsed);
      // Session and user identifiers, plus role mappings
      console.log(keycloak.sessionId);
      console.log(keycloak.subject);
      console.log(keycloak.realmAccess);
      console.log(keycloak.resourceAccess);
    }
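
The roles the answer describes, as an added example that is not part of the original answer and not keycloak-js's own code: the redirect fragment is parsed, state is compared with the value stored before the login request, and only then is code placed in a token-endpoint request body. The sample URL values, the client id chat-app and all function names are assumptions made for illustration.

```javascript
// Constructed sample redirect; every value here is made up for this example.
const SAMPLE_REDIRECT =
  'http://localhost:3000/ChatPage#state=7f3a9c1e-1111-4222-8333-444455556661' +
  '&session_state=e0b1c2d3-aaaa-4bbb-8ccc-ddddeeeeff70' +
  '&code=c4d5e6f7-opaque-sample-code-00f6';

// Split the URL fragment into the three parameters appended after login.
function parseCallback(redirectUrl) {
  const fragment = new URL(redirectUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  return {
    state: params.get('state'),
    sessionState: params.get('session_state'),
    code: params.get('code'),
  };
}

// Compare without exiting early on the first differing character.
function stateMatches(returned, expected) {
  if (typeof returned !== 'string' || typeof expected !== 'string') return false;
  if (returned.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < returned.length; i++) {
    diff |= returned.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Build the form body for the token endpoint (authorization_code grant).
// The code is only used when state ties the response to our own login request.
function buildTokenRequest(callback, expectedState, clientId, redirectUri) {
  if (!callback.code) throw new Error('no authorization code in redirect');
  if (!stateMatches(callback.state, expectedState)) {
    throw new Error('state mismatch: response not tied to this login request');
  }
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code: callback.code,
    client_id: clientId,        // assumed client id
    redirect_uri: redirectUri,  // must equal the redirectUri used at login
  }).toString();
}
```

The tokens themselves only appear in the token endpoint's response to this request, which is why none of the three URL parameters can be decoded into user information.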