[keycloak-user] IPhone turns off local storage by default and that causes Keycloak.js to fail.
Stian Thorgersen
stian at redhat.com
Thu Feb 19 03:25:17 EST 2015
----- Original Message -----
> From: "Dean Peterson" <peterson.dean at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Saturday, January 31, 2015 6:27:11 PM
> Subject: Re: [keycloak-user] IPhone turns off local storage by default and that causes Keycloak.js to fail.
>
> Do you have a suggested approach to handling this? Prompt the user that
> they should turn off private browsing on their Iphone?
Sorry for the late reply, but yes that seems like a decent option. It may be possible to work around this by using an iframe, but that opens up a whole can of possible csrf and clickjacking attacks. Private mode seems like a really stupid option with regards to HTML5 apps if you ask me.
Have a look at http://security.stackexchange.com/questions/20187/oauth2-cross-site-request-forgery-and-state-parameter and you'll find out why the state parm is required.
>
> On Fri, Jan 30, 2015 at 2:48 AM, Stian Thorgersen <stian at redhat.com> wrote:
>
> > Only option would be to disable state verification, which could leave it
> > open to CSRF.
> >
> > ----- Original Message -----
> > > From: "Dean Peterson" <peterson.dean at gmail.com>
> > > To: keycloak-user at lists.jboss.org
> > > Sent: Monday, 26 January, 2015 12:34:26 AM
> > > Subject: [keycloak-user] IPhone turns off local storage by default and
> > that causes Keycloak.js to fail.
> > >
> > > IPhones are in private mode by default. When in private mode, they do not
> > > allow localstorage. Any application secured with the pure js keycloak
> > file
> > > fails. When I turn private mode off, the application works. Will
> > Keycloak be
> > > supporting IPhones with the pure javascript client in the future without
> > > requiring users turn private mode off?
> > >
> > > I get the following error in private mode. The highlighted code is what
> > > causes the error:
> > >
> > > QuotaExceededError: DOM Exception 22: An attempt was made to add
> > something to
> > > storage that exceeded the quota.
> > >
> > > Jessicakc.createLoginUrl = function(options) {
> > > var state = createUUID();
> > >
> > > var redirectUri = adapter.redirectUri(options);
> > > if (options && options.prompt) {
> > > if (redirectUri.indexOf('?') == -1) {
> > > redirectUri += '?prompt=' + options.prompt;
> > > } else {
> > > redirectUri += '&prompt=' + options.prompt;
> > > }
> > > }
> > >
> > > sessionStorage.oauthState = state;
> > >
> > > var url = getRealmUrl()
> > > + '/tokens/login'
> > > + '?client_id=' + encodeURIComponent(kc.clientId)
> > > + '&redirect_uri=' + encodeURIComponent(redirectUri)
> > > + '&state=' + encodeURIComponent(state)
> > > + '&response_type=code';
> > >
> > > if (options && options.prompt) {
> > > url += '&prompt=' + options.prompt;
> > > }
> > >
> > > if (options && options.loginHint) {
> > > url += '&login_hint=' + options.loginHint;
> > > }
> > >
> > > return url;
> > > }
> > >
> > >
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
More information about the keycloak-user
mailing list