notes about access and refresh tokens
Closes #26919 Signed-off-by: AndyMunro <amunro@redhat.com>
This commit is contained in:
parent
f1581adafe
commit
941e7cc3a5
1 changed files with 5 additions and 0 deletions
|
@ -119,6 +119,11 @@ try {
|
||||||
const users = await fetchUsers();
|
const users = await fetchUsers();
|
||||||
----
|
----
|
||||||
|
|
||||||
|
[NOTE]
|
||||||
|
====
|
||||||
|
Both access and refresh token are stored in memory and are not persisted in any kind of storage. Therefore, these tokens should never be persisted to prevent hijacking attacks.
|
||||||
|
====
|
||||||
|
|
||||||
==== Session Status iframe
|
==== Session Status iframe
|
||||||
|
|
||||||
By default, the adapter creates a hidden iframe that is used to detect if a Single-Sign Out has occurred. This iframe does not require any network traffic. Instead the status is retrieved by looking at a special status cookie. This feature can be disabled by setting `checkLoginIframe: false` in the options passed to the `init()` method.
|
By default, the adapter creates a hidden iframe that is used to detect if a Single-Sign Out has occurred. This iframe does not require any network traffic. Instead the status is retrieved by looking at a special status cookie. This feature can be disabled by setting `checkLoginIframe: false` in the options passed to the `init()` method.
|
||||||
|
|
Loading…
Reference in a new issue