I have a multi-tenant single-page application that authenticates via a backend for frontend (BFF). I want to create the code_verifier server-side and handle the callback from Keycloak server-side as well.
My issue is that I am losing the user’s session context when Keycloak calls the BFF. Consequently, I cannot get the code_verifier to finish the flow.
Is there a way to pass some sort of context (a session id in my case) to the initial authorization request that I can retrieve e.g., as an additional query param in the redirect uri or similar?
Is this something I shouldn’t do for some reason?
For reference, I already posted the broader context of this question on Stack Overflow.