OIDC_id_token is not added when OIDCSessionType client-cookie #650
-
Hi, just an observation and I guess looking for confirmation. When I set OIDCSessionType client-cookie and OIDCPassIDTokenAs claims serialized (or likely OIDCPassIDTokenAs serialized for that matter). the OIDC_id_token header or var is not added. As soon as a change OIDCSessionType to server-cache (or comment it out completely) the OIDC_id_token is added. Can you confirm this is expected? #OIDCSessionType client-cookie This passes OIDC_id_token. As soon as I uncomment OIDCSessionType and restart OIDC_id_token is no longer passed. I haven't decided on OIDCSessionType or my clustering / session / cache details. I think to to have a robust cluster I will likely need to use server-cache anyway, there is more research to be done by me on that for sure. I could find anywhere that OIDC_id_token requires server-cache so I thought I would raise it to see if it's expected. Many thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
this is expected behaviour: storing the |
Beta Was this translation helpful? Give feedback.
this is expected behaviour: storing the
id_token
in the client side cookie would almost double its size and it duplicate other information already parsed into the session (e.g. claims); I've added a note here: d071a4a