科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - what does state, session_state, and code url paremeters from a keycloak redirect represent? - Stack Overflow

    javascript - what does state, session_state, and code url paremeters from a keycloak redirect represent? - Stack Overflow

    programmeradmin0浏览0评论

    What does the state, session_state and code url parameters represent in the url string after getting a redirect after logging in via keycloak?

    I do keycloak.init to require a login and get redirected to the ChatPage portion of my react app:

    this.state.appKeycloak.init({
    onLoad: 'login-required',
    redirectUri: 'http://localhost:3000/ChatPage'
})

    After logging in to my local react app on http://localhost:3000 I see this in the URL:

    http://localhost:3000/ChatPage#state=7....1&session_state=e...70&code=c...f6

    What does the state, session_state, and code fields represent? Do any of them have the token I can decode to get the users login information?

    What does the state, session_state and code url parameters represent in the url string after getting a redirect after logging in via keycloak?

    I do keycloak.init to require a login and get redirected to the ChatPage portion of my react app:

    this.state.appKeycloak.init({
    onLoad: 'login-required',
    redirectUri: 'http://localhost:3000/ChatPage'
})

    After logging in to my local react app on http://localhost:3000 I see this in the URL:

    http://localhost:3000/ChatPage#state=7....1&session_state=e...70&code=c...f6

    What does the state, session_state, and code fields represent? Do any of them have the token I can decode to get the users login information?

    • javascript
    • reactjs
    • keycloak
    Share Improve this question asked Sep 20, 2023 at 2:11 CAMD_3441CAMD_3441 3,2144 gold badges29 silver badges41 bronze badges
    Add a ment  | 

    2 Answers 2

    Reset to default 3

    No, none of them do. Those are all parameters from various standards.

    code is used for authorization code flow to exchange for the tokens at the token endpoint. You can get the access_token, refresh_token and id_token at the token endpoint by using the code.

    state is used to prevent CSRF attacks either by attackers initiating requests to the authorization endpoint or forging responses to the application redirect endpoint.

    session_state is part of the OpenID Connect Session Management specification where you use an iframe to check if the SSO user has logged out for instance.

    Likely what you really want to know is the following

    const authenticated = await keycloak.init({
    onLoad: 'login-required',
    redirectUri: 'http://localhost:3000/ChatPage'
});
if(authenticated) {
    console.log(keycloak.token);
    console.log(keycloak.tokenParsed);
    console.log(keycloak.idToken);
    console.log(keycloak.idTokenParsed);
    console.log(keycloak.refreshToken);
    console.log(keycloak.refreshTokenParsed);
    console.log(keycloak.sessionId);
    console.log(keycloak.subject);
    console.log(keycloak.realmAccess);
    console.log(keycloak.resourceAccess);
}
    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论