Honestly, your descriptions don't make sense at all...
1. admin console redirects to keycloak with a redirect uri of
/auth/admin/master/console.
2. Keycloak stores this redirect uri as-is, keycloak also stores "state"
param.
3. keycloak redirects to facebook
4. facebook redirects to keycloak callback url
5. keycloak builds a redirect URI back to admin console based on
original stored redirect uri and "state" param and "code".
6. keycloak redirects back to admin console
How could Facebook insert #_=_? Is there some browser/fragment magic
happening?
On 3/26/2015 11:44 AM, Stian Thorgersen wrote:
No, we can sort it out in Keycloak as Facebook redirects to Keycloak,
not the application.
----- Original Message -----
> From: "Leonardo Loch Zanivan" <leonardo.zanivan(a)gmail.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: "Bill Burke" <bburke(a)redhat.com>, keycloak-dev(a)lists.jboss.org
> Sent: Thursday, 26 March, 2015 4:41:50 PM
> Subject: Re: [keycloak-dev] can't figure this out
>
> I think it would need some tweak in the JavaScript adapter.
>
> On Thu, Mar 26, 2015 at 12:25 PM Stian Thorgersen <stian(a)redhat.com> wrote:
>
>> Great, so we just need to tweak the Facebook provider to strip that off
>> before redirecting to the app
>>
>> ----- Original Message -----
>>> From: "Leonardo Loch Zanivan" <leonardo.zanivan(a)gmail.com>
>>> To: "Stian Thorgersen" <stian(a)redhat.com>, "Bill Burke" <bburke(a)redhat.com>
>>> Cc: keycloak-dev(a)lists.jboss.org
>>> Sent: Thursday, 26 March, 2015 4:21:49 PM
>>> Subject: Re: [keycloak-dev] can't figure this out
>>>
>>> Oops, you need to remove it after keycloak success. Here is an example:
>>>
>>> keycloakAuth.init({
>>>     onLoad: 'login-required'
>>> }).success(function(authenticated) {
>>>     // fix facebook oauth
>>>     if (window.location.hash === '#_=_') {
>>>         window.location.hash = '';
>>>     }
>>> });
>>>
>>>
>>> On Thu, Mar 26, 2015 at 12:19 PM Leonardo Loch Zanivan <
>>> leonardo.zanivan(a)gmail.com> wrote:
>>>
>>>> Facebook adds "#_=_" at the end of redirect URL for "security reasons", so
>>>> SPA apps won't work unless you remove it.
>>>>
>>>> In Angular apps you should remove it before calling keycloak:
>>>>
>>>> if (window.location.hash === '#_=_') {
>>>>     window.location.hash = '';
>>>> }
>>>>
>>>> On Thu, Mar 26, 2015 at 12:14 PM Stian Thorgersen <stian(a)redhat.com>
>>>> wrote:
>>>>
>>>>> AFAIK Facebook is OAuth2 + custom weird stuff that looks like but isn't
>>>>> OpenID Connect
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>> To: "Bill Burke" <bburke(a)redhat.com>
>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>> Sent: Thursday, 26 March, 2015 4:11:11 PM
>>>>>> Subject: Re: [keycloak-dev] can't figure this out
>>>>>>
>>>>>> I remember seeing the '#_=_' crap a while ago, I believe that was before
>>>>>> Pedro started brokering.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Bill Burke" <bburke(a)redhat.com>
>>>>>>> To: keycloak-dev(a)lists.jboss.org
>>>>>>> Sent: Thursday, 26 March, 2015 2:54:27 PM
>>>>>>> Subject: [keycloak-dev] can't figure this out
>>>>>>>
>>>>>>> I'm going crazy... I'm testing facebook login with the admin console as
>>>>>>> the test app.
>>>>>>>
>>>>>>> 1. Facebook auth succeeds
>>>>>>> 2. Redirect back to admin console
>>>>>>> 3. For some reason admin console doesn't like the redirect URL and does
>>>>>>> a redirect back to keycloak login with a fragment of #_=_
>>>>>>> 4. I'm already logged in, so redirect back
>>>>>>> 5. Success, but the fragment is #_=_
>>>>>>>
>>>>>>> Login works for github though...I'm freakin stumped. The initial
>>>>>>> redirect back to the admin console is the same exact redirect uri for
>>>>>>> both github and facebook.
>>>>>>>
>>>>>>> Has anybody seen this before?
>>>>>>>
>>>>>>> --
>>>>>>> Bill Burke
>>>>>>> JBoss, a division of Red Hat
>>>>>>> http://bill.burkecentral.com
>>>>>>> _______________________________________________
>>>>>>> keycloak-dev mailing list
>>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>
>>>>
>>>
>>
>
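
Added example, not part of the thread and not Keycloak code: a user agent that follows a 3xx whose Location has no fragment keeps the fragment of the URL it came from (RFC 7231, section 7.1.2), which is how a "#_=_" on the broker callback can still be present at the admin console. The sketch below models that inheritance and the exact-match strip discussed above; the host name, the callback path and the code/state values are constructed.

```javascript
// Model of redirect fragment inheritance (RFC 7231 section 7.1.2).
// If Location carries no fragment, the previous URL's fragment is kept.
function followRedirect(currentUrl, location) {
  const next = new URL(location, currentUrl);
  if (!location.includes('#')) {
    next.hash = new URL(currentUrl).hash;
  }
  return next.href;
}

// Remove only the exact '#_=_' marker. Any other fragment (for example a
// client-side route) is left untouched so legitimate state is not lost.
// In a browser, apply the result with history.replaceState(); assigning
// window.location.hash = '' leaves a trailing '#' in the address bar.
function stripFacebookFragment(href) {
  const url = new URL(href);
  if (url.hash === '#_=_') {
    url.hash = '';
  }
  return url.href;
}

// Steps 4 to 6 of the numbered list at the top of the thread, with
// constructed values.
function simulateBrokerLogin() {
  // Step 4: the browser arrives at the Keycloak callback with the marker.
  const callback =
    'https://kc.example/auth/broker-callback?code=abc&state=xyz#_=_';
  // Steps 5-6: Keycloak answers with a Location that has no fragment.
  const location =
    'https://kc.example/auth/admin/master/console?code=def&state=s1';
  return followRedirect(callback, location);
}

console.log(simulateBrokerLogin());
console.log(stripFacebookFragment(simulateBrokerLogin()));
```

The server never receives the fragment, so the strip has to run in the page or the redirect has to carry a fragment of its own.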