How to reliably get keycloak session id programmatically at backend?

[Leonid Rozenblyum]

Hi!

We're using a Spring Security webapplication with Keycloak (via keycloak-spring-security adapter).

Question: what's the reliable source of the keycloak session id on backend? (for example for purposes of further calls of Keycloak Admin REST API to log it out).

I found out that the needed id looks to be provided in IdToken's getSessionState method (in Keycloak 8.0.1).

However I'm not sure if it's a legal/documented way to do that or there are better ways to get the needed id?