[keycloak-user] Two browser tabs result in two

Anders Kabell Kristensen anders.kabell.kristensen at systematic.com
Thu Oct 5 03:07:32 EDT 2017


By the way, our parameters to the js init function were lost in the mailing list.

It should have read:

keycloakAuth.init({ onLoad: 'login-required', responseMode: 'fragment', flow: 'standard', checkLoginIframe: false})

Cheers,
Anders


Date: Wed, 4 Oct 2017 05:47:52 -0700 (MST)
From: Anders KK <anders.kabell.kristensen at systematic.com>
Subject: [keycloak-user] Two browser tabs result in two
	access-/refresh tokens and accidental logout
To: keycloak-user at lists.jboss.org
Message-ID: <1507121272796-0.post at n6.nabble.com>
Content-Type: text/plain; charset=us-ascii

Hi guys,

We run into an accidental logout when opening our application in a second tab in the browser. It seems that the second tab acquires its own access-/refresh token pair; however, the tabs share the session.
Consequently, when the first tab needs to refresh its token, the refresh token is no longer valid, resulting in the first tab initiating a logout - and then the second tab only lives until token expiration, since refresh fails due to the first tab having ended the session.

Looking into the js adapter code we got the impression that the tabs would share tokens through local storage - is this something we need to activate explicitly in the configuration?

We have a setup with an Angular2 app making use of the Keycloak js adapter.
We made use of the example provided with the 3.0.0 quickstarts, but modified the parameters for the init function:



Thanks for the great effort put into Keycloak!

Anders
