In reference to Keycloak's documentation for account linking, I need to fetch user session id and client session id from the access token.
However, I only find something they call session_state on the token which apparently is the same as sessionId by looking at their javascript adapter source code.
I reckon that this is the user session id they are referring to? If so, where do I find this so called client session id?
In reference to Keycloak's documentation for account linking, I need to fetch user session id and client session id from the access token.
However, I only find something they call session_state on the token which apparently is the same as sessionId by looking at their javascript adapter source code.
I reckon that this is the user session id they are referring to? If so, where do I find this so called client session id?
Share Improve this question asked Oct 13, 2017 at 13:03 PetterPetter 7832 gold badges9 silver badges19 bronze badges 2- Got the same problem. Did you find a solution? – noircc Commented Jan 25, 2018 at 13:57
-
1
Yup! Turned out it as the client id. So something like this should work: Extract user session id and client session id ("aud" is the client id) from access token:
const { session_state, aud } = JSON.parse(decodeURIComponent(escape(atob(accessToken.split('.') [1]))))Create base64 hash:Base64.stringify(sha256(nonce + session_state + aud + 'facebookOrWhatever'))You also need make the resulting base64 encoded hash url friendly (i.e. '+' and '/' are replaced with '-' and '_' also remove any trailing '=' characters) – Petter Commented Jan 26, 2018 at 12:28
1 Answer
Reset to default 5Turned out it as the client id. So something like this should work:
Extract user session id and client session id ("aud" is the client id) from access token:
const { session_state, aud } = JSON.parse(decodeURIComponent(escape(atob(accessToken.split('.') [1]))))
Create base64 hash:
Base64.stringify(sha256(nonce + session_state + aud + 'facebookOrWhatever'))
You also need make the resulting base64 encoded hash url friendly (i.e. '+' and '/' are replaced with '-' and '_' also remove any trailing '=' characters)