[keycloak-user] keep login state after closing browser

Marek Posolda mposolda at redhat.com
Mon Feb 5 03:18:01 EST 2018


A few tips:
- If you enable "Remember me" for the realm, the KEYCLOAK_IDENTITY 
cookie won't be cleared at the end of the browser session.
- There is a callback, "onTokenExpired", which you can use in the keycloak.js 
adapter when the accessToken is expired. You will be redirected back to 
the Keycloak server and re-logged with SSO (as long as KEYCLOAK_IDENTITY is 
still valid).

The approach with "token" may work, but I would personally use the 
approach with shorter token timeouts and redirect to the SSO, assuming 
that rememberMe will work. This has some downsides (redirect to 
Keycloak needed periodically, rememberMe available), so not sure if it 
works for you. If you want the approach with "token", you may need to 
disable the session iframe in that case (as the SSO session on the Keycloak side 
may no longer be valid after browser restart).

Marek

On 4.2.2018 at 14:48, Ori Doolman wrote:
> Hi,
> My web application is using the Keycloak JS adapter, and I'm using the 'implicit' flow for getting the access token.
> I have a requirement to prevent the user from keying in passwords again for 24 hours (assuming the token is expired after 24 hours), even after the browser is closed and re-opened.
>
> There is a cookie called 'KEYCLOAK_IDENTITY', which I assume preserves the login state, but it is a session cookie and it is deleted after closing the browser window.
> I also see that in the initOptions of the adapter, I can pass an existing access token by the 'token' property. Hence, I was thinking to persist the 24-hour access token into localStorage and then read it and pass it as part of initOptions to the adapter when my application starts.
> However, I cannot make it work and I'm not even sure it is possible to do so.
>
> Is it possible to use the 'token' initOption like that?
> If not, is there a recommended approach for implementing such a requirement?
>
>
> Thanks,
>
> Ori Doolman
> Lead Software Architect
> Amdocs Optima
>
> +972 9 778 6914 (office)
> +972 50 9111442 (mobile)
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
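
The approach recommended in the reply above (short token lifetime, renewal by redirect to the SSO, no token persisted by the application), as an added example that is not part of the original thread or the Keycloak project's code. `startSession` and `fakeAdapter` are hypothetical names, and `init()` is assumed to return a native Promise resolving to a boolean.

```javascript
// Added example, not code from the thread. startSession and fakeAdapter are
// hypothetical names; the adapter members used (init, login, onTokenExpired,
// token) are keycloak.js ones. Assumes init() returns a Promise<boolean>.
async function startSession(keycloak, redirectUri) {
  // Implicit flow issues no refresh token, so an expired access token is
  // replaced by a redirect through Keycloak, which re-logs the user via SSO
  // while KEYCLOAK_IDENTITY is still valid.
  keycloak.onTokenExpired = () => keycloak.login({ redirectUri });

  // check-sso asks the server instead of trusting a token saved by the app.
  // With "Remember me" on, KEYCLOAK_IDENTITY survives a browser restart, so
  // this succeeds without a password prompt and nothing sits in localStorage.
  const authenticated = await keycloak.init({ onLoad: 'check-sso', flow: 'implicit' });
  if (!authenticated) {
    // No valid SSO session: the app decides when to start interactive login.
    return { state: 'anonymous', login: () => keycloak.login({ redirectUri }) };
  }
  return { state: 'authenticated', token: keycloak.token };
}

// Constructed stand-in for the adapter so the flow can be run under Node.
function fakeAdapter(ssoCookieValid) {
  const calls = { init: [], login: [] };
  return {
    calls,
    token: undefined,
    init(options) {
      calls.init.push(options);
      if (ssoCookieValid) this.token = 'constructed.access.token';
      return Promise.resolve(ssoCookieValid);
    },
    login(options) { calls.login.push(options); },
  };
}
```

In a browser, pass the real adapter instance instead of `fakeAdapter(...)`; the realm's "Remember me" setting and the token lifespan are configured on the Keycloak server, not in this code.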
