[keycloak-user] keycloak.js - page reloads itself when logged in

Andy Yar andyyar66 at gmail.com
Fri Sep 9 10:26:13 EDT 2016 

Ok, so it must be related to my usage scenario.

I don't use keycloak.js served from the Keycloak server but as a local node
module instead. Then again I run my Angular app on localhost and I auth it
against a Keycloak which runs on a dedicated server/domain.

FYI my Keyclok admin console works normally - no refreshes.

On Fri, Sep 9, 2016 at 3:39 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> By the way I just tried the angular product example here and it works just
> fine in Chrome and Firefox.
>
> On 9 September 2016 at 11:04, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> Are you getting the same behavior from the admin console? It's Angular
>> and uses keycloak.js.
>>
>> On 9 September 2016 at 10:41, Andy Yar <andyyar66 at gmail.com> wrote:
>>
>>> In my case the original AngularJS demo acts in the same way as the
>>> Angular2 one.
>>>
>>> On Thu, Sep 8, 2016 at 3:48 PM, Andy Yar <andyyar66 at gmail.com> wrote:
>>>
>>>> Ok, will check the original AngularJS demo for that harmless
>>>> window.postMessage().
>>>>
>>>> Thanks for your effort!
>>>>
>>>> On Thu, Sep 8, 2016 at 2:50 PM, Stian Thorgersen <sthorger at redhat.com>
>>>> wrote:
>>>>
>>>>> Just spotted you're using the Angular2 example. I've got no clue about
>>>>> that one. It was community contributed and we've not had any experience
>>>>> with Angular2 ourselves.
>>>>>
>>>>> Please try if you're getting similar behavior with Angular 1 example.
>>>>>
>>>>> There should be no page reload on the cookie check. It's just a window
>>>>> postMessage and it doesn't do anything that should cause the page to reload.
>>>>>
>>>>> On 8 September 2016 at 14:07, Andy Yar <andyyar66 at gmail.com> wrote:
>>>>>
>>>>>> Yes, I did - Web Origins: http://localhost:4200. Thats where my dev
>>>>>> server runs. When I change the origin in the Keycloak admin console to
>>>>>> something different I can't even log in due to CORS errors. So I guess this
>>>>>> setting is correct.
>>>>>>
>>>>>> Setting a really short max SSO session TTL results in both cookie
>>>>>> checks (quiet Chrome and page reloading Firefox/Edge) detecting the tokens'
>>>>>> validity and redirecting to the login page.
>>>>>>
>>>>>> My other observation, when I perform a SSO logout in Keycloak the app
>>>>>> running in Chrome doesn't log me out after its quiet cookie check. In
>>>>>> Firefox/Edge it detects the SSO logout correctly during the horrible cookie
>>>>>> checking page reload.
>>>>>>
>>>>>> On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen <sthorger at redhat.com
>>>>>> > wrote:
>>>>>>
>>>>>>> Did you add correct origins for your app in the Keycloak admin
>>>>>>> console?
>>>>>>>
>>>>>>> On 7 September 2016 at 16:30, Andy Yar <andyyar66 at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>> I've tried running https://github.com/keycloak/ke
>>>>>>>> ycloak/tree/master/examples/demo-template/angular2-product-app app
>>>>>>>> on localhost against my Keycloak instance. The page reloading issue caused
>>>>>>>> by iFrame checks was present too.
>>>>>>>>
>>>>>>>> The only significant change I made to the demo app was replacing
>>>>>>>> the keycloak.json with mine. The difference is using a non-localhost URL:
>>>>>>>> "auth-server-url": "http://<serverURL>:8080/sso". CORS comes to
>>>>>>>> mind.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66 at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I've spent some time in Firefox's debugger and found out that the
>>>>>>>>> redirect occurs right after the window.postMessage() is called in the
>>>>>>>>> checkLoginFrame function.
>>>>>>>>>
>>>>>>>>> The demo project code seems to be in line with my code. Might try
>>>>>>>>> it's runtime behavior later.
>>>>>>>>>
>>>>>>>>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda <mposolda at redhat.com
>>>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> On 01/09/16 23:34, Andy Yar wrote:
>>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>> I've created a template of a Angular based app using keycloak.js
>>>>>>>>>> lib. After a successful login the app/page periodically reloads itself. I
>>>>>>>>>> guess it's because of the iFrame session check being set to 5sec interval
>>>>>>>>>> (requesting url: <base_url>/#state=<hash>&code=<hash>).
>>>>>>>>>>
>>>>>>>>>> That's strange... IFrame is supposed to just check the cookie,
>>>>>>>>>> not to do any reload.
>>>>>>>>>>
>>>>>>>>>> Maybe take a look at our angular examples and see if you do
>>>>>>>>>> something differently? See https://github.com/keycloak/ke
>>>>>>>>>> ycloak/tree/master/examples/demo-template/angular-product-app .
>>>>>>>>>> Note the angular.bootstrap called after Keycloak authentication is fully
>>>>>>>>>> finished.
>>>>>>>>>>
>>>>>>>>>> Marek
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> This happens in latest Firefox and Edge. Chrome seems to handle
>>>>>>>>>> these reloads quietly.
>>>>>>>>>>
>>>>>>>>>> Is this intended?
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160909/11768872/attachment.html

More information about the keycloak-user mailing list