You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since Keycloak 24, the cookie handling is refactored base on these issues: #26500 #26847
However, the CookieType class is not extendible / usable in other parts of the code. We have some custom login components (e.g. automated identity brokering when you have multiple IDPs) that require additional cookies to be set. In the new setup, it is not possible to use the CookieProvider and CookieType for other cookies, e.g. a cookie to store a username or previously selected IDP.
Is it possible to make the CookieTypeBuilder visible / public, so it can be used to create other cookies as well?
Discussion
No response
Motivation
It is possible to create a complete new cookie SPI for our own extensions, however, this is a bit of an overkill for simple extension of the cookies and reduces the maintainabillity of our loginflow extensions.
Making the CookieTypeBuilder public is not a risk.
Details
No response
The text was updated successfully, but these errors were encountered:
@jonkoops It is indeed possible to read/set custom cookies in our own code. However, this includes duplication of code that is also present in the DefaultCookieProvider and was previously present in the CookieHelper util. Duplication of code introduces the risk of bugs and lowers maintainabillity of our extensions, thats why we created this ticket. Not using the new refactored code of the cookie handling for other purposes just seems to be a waste.
Not making the CookieTypeBuilder publicly available is a descission we can live with, but it was worth asking...
There is no plans to extend on CookieProvider to support custom cookies, instead just use:
NewCookie newCookie = new NewCookie.Builder("mycookie")
.maxAge(1232)
.value("myvalue")
.path(session.getContext().getUri().getRequestUri().getRawPath())
.build();
session.getContext().getHttpResponse().setCookieIfAbsent(newCookie);
I'm reluctant to support custom cookies in the cookie provider for two reasons; one the APIs there may change quite a bit, and secondly it is intended to manage internal cookies, and not custom cookies.
Description
Since Keycloak 24, the cookie handling is refactored base on these issues:
#26500
#26847
However, the CookieType class is not extendible / usable in other parts of the code. We have some custom login components (e.g. automated identity brokering when you have multiple IDPs) that require additional cookies to be set. In the new setup, it is not possible to use the CookieProvider and CookieType for other cookies, e.g. a cookie to store a username or previously selected IDP.
Is it possible to make the CookieTypeBuilder visible / public, so it can be used to create other cookies as well?
Discussion
No response
Motivation
It is possible to create a complete new cookie SPI for our own extensions, however, this is a bit of an overkill for simple extension of the cookies and reduces the maintainabillity of our loginflow extensions.
Making the CookieTypeBuilder public is not a risk.
Details
No response
The text was updated successfully, but these errors were encountered: