Do you have a suggested approach to handling this? Prompt the user that
they should turn off private browsing on their Iphone?
On Fri, Jan 30, 2015 at 2:48 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
Only option would be to disable state verification, which could leave
it
open to CSRF.
----- Original Message -----
> From: "Dean Peterson" <peterson.dean(a)gmail.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Monday, 26 January, 2015 12:34:26 AM
> Subject: [keycloak-user] IPhone turns off local storage by default and
that causes Keycloak.js to fail.
>
> IPhones are in private mode by default. When in private mode, they do not
> allow localstorage. Any application secured with the pure js keycloak
file
> fails. When I turn private mode off, the application works. Will
Keycloak be
> supporting IPhones with the pure javascript client in the future without
> requiring users turn private mode off?
>
> I get the following error in private mode. The highlighted code is what
> causes the error:
>
> QuotaExceededError: DOM Exception 22: An attempt was made to add
something to
> storage that exceeded the quota.
>
> Jessicakc.createLoginUrl = function(options) {
> var state = createUUID();
>
> var redirectUri = adapter.redirectUri(options);
> if (options && options.prompt) {
> if (redirectUri.indexOf('?') == -1) {
> redirectUri += '?prompt=' + options.prompt;
> } else {
> redirectUri += '&prompt=' + options.prompt;
> }
> }
>
> sessionStorage.oauthState = state;
>
> var url = getRealmUrl()
> + '/tokens/login'
> + '?client_id=' + encodeURIComponent(kc.clientId)
> + '&redirect_uri=' + encodeURIComponent(redirectUri)
> + '&state=' + encodeURIComponent(state)
> + '&response_type=code';
>
> if (options && options.prompt) {
> url += '&prompt=' + options.prompt;
> }
>
> if (options && options.loginHint) {
> url += '&login_hint=' + options.loginHint;
> }
>
> return url;
> }
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user