Hello ,
I’m using keycloak js adapter, when this adapter call /token after receiving the auth code the response will be a JSON containing the access token and refresh token … is there any way to force keycloak server to return the access token and refresh token as HTTPonly cookies and not a JSON response ? if not can we customize the flow like this :
1- user is redirected to keycloak login page
2- after successful login the user is redirected to our SPA with the auth code
3- exchange the code with a token by sending a request to our API and not keycloak API
4-our backend exchange the code with token and put tokens in cookies
…
is that flow possible using the keycloakJS adapter ?
Thank you.