Adding context to oidc authorization code flow on initial request

I have a multi-tenant single page application that authenticates via a backend for frontend (BFF). I want to create the code_verifier server side and handle the callback from keycloak server-side as well.

My issue is that I am loosing the user’s session context when keycloak calls the BFF. Consequently, I cannot get the code_verifier to finish the flow.

Is there a way to pass some sort of context (a session id in my case) to the initial authorization request that I can retrieve e.g., as an additional query param in the redirect uri or similar?

Is this something I shouldn’t do for some reason?

For reference, i already posted the broader context of this question on stack overflow.

Although I cannot say I completely understood what you are trying to achieve here, I know the state parameter exists for passing information through the flow and back to the relaying party (your app).

thank you for your answer. i misunderstood the redirect callback. i did not know that the redirct uri is called by the browser. i assumed that the redirect uri is called directly by the keycloak server. hence, the question on how to pass context through the authorization flow…

in the end i had a session problem. session cookies were not transported correctly.