[keycloak-dev] can't figure this out
Leonardo Loch Zanivan
leonardo.zanivan at gmail.com
Thu Mar 26 12:24:30 EDT 2015
I had this problem with my angular app :)
Keycloak return "redirect_fragment" param with "#_=_"
On Thu, Mar 26, 2015 at 1:07 PM Bill Burke <bburke at redhat.com> wrote:
> Honestly, your descriptions don't make sense at all...
>
> 1. admin console redirects to keycloak with a redirect uri of
> /auth/admin/master/console.
> 2. Keycloak stores this redirect uri as-is, keycloak also stores "state"
> param.
> 3. keycloak redirects to facebook
> 4. facebook redirects to keycloak callback url
> 5. keycloak builds a redirect URI back to admin console based on
> original stored redirect uri and "state" param and "code".
> 6. keylcoak redirects back to admin console
>
> How could Facebook insert #_=_? Is there some browser/fragment magic
> happening?
>
>
> On 3/26/2015 11:44 AM, Stian Thorgersen wrote:
> > No, we can sort it out in Keycloak as Facebook redirects to Keycloak,
> not the application.
> >
> > ----- Original Message -----
> >> From: "Leonardo Loch Zanivan" <leonardo.zanivan at gmail.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: "Bill Burke" <bburke at redhat.com>, keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 26 March, 2015 4:41:50 PM
> >> Subject: Re: [keycloak-dev] can't figure this out
> >>
> >> I think it would need some tweak in the JavaScript adapter.
> >>
> >> On Thu, Mar 26, 2015 at 12:25 PM Stian Thorgersen <stian at redhat.com>
> wrote:
> >>
> >>> Great, so we just need to tweak the Facebook provider to strip that off
> >>> before redirecting to the app
> >>>
> >>> ----- Original Message -----
> >>>> From: "Leonardo Loch Zanivan" <leonardo.zanivan at gmail.com>
> >>>> To: "Stian Thorgersen" <stian at redhat.com>, "Bill Burke" <
> >>> bburke at redhat.com>
> >>>> Cc: keycloak-dev at lists.jboss.org
> >>>> Sent: Thursday, 26 March, 2015 4:21:49 PM
> >>>> Subject: Re: [keycloak-dev] can't figure this out
> >>>>
> >>>> Ops, you need to remove after keycloak success. Here is an example:
> >>>>
> >>>> keycloakAuth.init({
> >>>> onLoad: 'login-required'
> >>>> }).success(function(authenticated) {
> >>>> //fix facebook oauth
> >>>> if (window.location.hash === '#_=_') {
> >>>> window.location.hash = '';
> >>>> }
> >>>> });
> >>>>
> >>>>
> >>>> On Thu, Mar 26, 2015 at 12:19 PM Leonardo Loch Zanivan <
> >>>> leonardo.zanivan at gmail.com> wrote:
> >>>>
> >>>>> Facebook adds "#_=_" at the end of redirect URL for "security
> >>> reasons", so
> >>>>> SPA apps won't work unless you remove it.
> >>>>>
> >>>>> In Angular apps you should remove before call keycloak:
> >>>>>
> >>>>> if (window.location.hash === '#_=_') {
> >>>>> window.location.hash = '';
> >>>>> }
> >>>>>
> >>>>> On Thu, Mar 26, 2015 at 12:14 PM Stian Thorgersen <stian at redhat.com>
> >>>>> wrote:
> >>>>>
> >>>>>> AFAIK Facebook is OAuth2 + custom weird stuff that looks like but
> >>> isn't
> >>>>>> OpenID Connect
> >>>>>>
> >>>>>> ----- Original Message -----
> >>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
> >>>>>>> To: "Bill Burke" <bburke at redhat.com>
> >>>>>>> Cc: keycloak-dev at lists.jboss.org
> >>>>>>> Sent: Thursday, 26 March, 2015 4:11:11 PM
> >>>>>>> Subject: Re: [keycloak-dev] can't figure this out
> >>>>>>>
> >>>>>>> I remember seeing the '#_=_' crap a while ago, I believe that was
> >>> before
> >>>>>>> Pedro started brokering.
> >>>>>>>
> >>>>>>> ----- Original Message -----
> >>>>>>>> From: "Bill Burke" <bburke at redhat.com>
> >>>>>>>> To: keycloak-dev at lists.jboss.org
> >>>>>>>> Sent: Thursday, 26 March, 2015 2:54:27 PM
> >>>>>>>> Subject: [keycloak-dev] can't figure this out
> >>>>>>>>
> >>>>>>>> I'm going crazy... I'm testing facebook login with the admin
> >>> console
> >>>>>> as
> >>>>>>>> the test app.
> >>>>>>>>
> >>>>>>>> 1. Facebook auth succeeds
> >>>>>>>> 2. Redirect back to admin console
> >>>>>>>> 3. For some reason admin console doesn't like the redirect URL and
> >>>>>> does
> >>>>>>>> a redirect back to keycloak login with a fragment of #_=_
> >>>>>>>> 4. I'm already logged in, so redirect back
> >>>>>>>> 5. Success, but the fragment is #_=_
> >>>>>>>>
> >>>>>>>> Login works for github though...I'm freakin stumped. The initial
> >>>>>>>> redirect back to the admin console is the same exact redirect uri
> >>> for
> >>>>>>>> both github and facebook.
> >>>>>>>>
> >>>>>>>> Has anybody seen this before?
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Bill Burke
> >>>>>>>> JBoss, a division of Red Hat
> >>>>>>>> http://bill.burkecentral.com
> >>>>>>>> _______________________________________________
> >>>>>>>> keycloak-dev mailing list
> >>>>>>>> keycloak-dev at lists.jboss.org
> >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> keycloak-dev mailing list
> >>>>>>> keycloak-dev at lists.jboss.org
> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>>>
> >>>>>> _______________________________________________
> >>>>>> keycloak-dev mailing list
> >>>>>> keycloak-dev at lists.jboss.org
> >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150326/92a35d52/attachment.html
More information about the keycloak-dev
mailing list