ReLive27/spring-security-oauth2-sample

How to make OIDC login stateless instead of using a stateful JSESSIONID?

Closed this issue · 0 comments

Hi, first of all, thank you for your sample applications, they're really helpful!
I'm sorry, but I'm really a newbie to OAuth2:

Scenario

As I dug through your tutorial, I found that after a user logs into Spring Authorization Server, only a simple JSESSIONID cookie is stored in the browser (one for the OAuth2 server, another for the OAuth2 client, and you prevent them from conflicting with each other on localhost by renaming the client one to "CLIENT-SESSION", good job!). However, these cookies are unfortunately stateful, which is really inconvenient in a load-balancing context.

Question

So could you please give an example (or maybe just a hint) of how I can use stateless tokens so that the whole authentication and authorization process is completed statelessly? I guess issuing a JWT with access and refresh tokens is optimal, but I don't know how to implement that with .oauth2Login.

Thank you :)