----- Original Message -----
From: "Dean Peterson" <peterson.dean(a)gmail.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Saturday, January 31, 2015 6:27:11 PM
Subject: Re: [keycloak-user] IPhone turns off local storage by default and that causes Keycloak.js to fail.
Do you have a suggested approach to handling this? Prompt the user that
they should turn off private browsing on their iPhone?
Sorry for the late reply, but yes that seems like a decent option. It may be possible to
work around this by using an iframe, but that opens up a whole can of possible CSRF and
clickjacking attacks. Private mode seems like a really stupid option with regards to HTML5
apps if you ask me.
Have a look at
http://security.stackexchange.com/questions/20187/oauth2-cross-site-reque...
and you'll find out why the state param is required.
On Fri, Jan 30, 2015 at 2:48 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
> Only option would be to disable state verification, which could leave it
> open to CSRF.
>
> ----- Original Message -----
> > From: "Dean Peterson" <peterson.dean(a)gmail.com>
> > To: keycloak-user(a)lists.jboss.org
> > Sent: Monday, 26 January, 2015 12:34:26 AM
> > Subject: [keycloak-user] IPhone turns off local storage by default and that causes Keycloak.js to fail.
> >
> > IPhones are in private mode by default. When in private mode, they do not
> > allow localstorage. Any application secured with the pure js keycloak file
> > fails. When I turn private mode off, the application works. Will Keycloak be
> > supporting IPhones with the pure javascript client in the future without
> > requiring users turn private mode off?
> >
> > I get the following error in private mode. The highlighted code is what
> > causes the error:
> >
> > QuotaExceededError: DOM Exception 22: An attempt was made to add something to
> > storage that exceeded the quota.
> >
> > kc.createLoginUrl = function(options) {
> >     var state = createUUID();
> >
> >     var redirectUri = adapter.redirectUri(options);
> >     if (options && options.prompt) {
> >         if (redirectUri.indexOf('?') == -1) {
> >             redirectUri += '?prompt=' + options.prompt;
> >         } else {
> >             redirectUri += '&prompt=' + options.prompt;
> >         }
> >     }
> >
> >     // highlighted line: this write throws QuotaExceededError in private mode
> >     sessionStorage.oauthState = state;
> >
> >     var url = getRealmUrl()
> >         + '/tokens/login'
> >         + '?client_id=' + encodeURIComponent(kc.clientId)
> >         + '&redirect_uri=' + encodeURIComponent(redirectUri)
> >         + '&state=' + encodeURIComponent(state)
> >         + '&response_type=code';
> >
> >     if (options && options.prompt) {
> >         url += '&prompt=' + options.prompt;
> >     }
> >
> >     if (options && options.loginHint) {
> >         url += '&login_hint=' + options.loginHint;
> >     }
> >
> >     return url;
> > }
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user