Add server side session support for the external cookie scheme #1551
Labels
Milestone
Comments
|
Hmm, my initial reaction is that this is up to customers in their external login code. IIRC, though, our server-side sessions allows for other schemes, right? |
|
It has obviously been considered before, but is not available: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The external cookies are sometimes very large and if the upstream Idp cannot be changed it's hard to do anything about the number of claims and token sizes. The claims can be filtered out in an event if there are claims that are known to be not needed. But in some cases all claims are needed.
Also some products put all the claims in the id_token resulting in very large tokens. And they need to be kept around for logout.
Adding a possibility to use server side sessions for the external cookie too would be a simple way to work around this.
The text was updated successfully, but these errors were encountered: