[keycloak-user] Prevent JS Adapter from redirecting if already logged in

Stian Thorgersen sthorger at redhat.com
Fri Sep 30 02:42:10 EDT 2016 

With check-sso what should happen is:

* keycloak.js checks session cookie. If no cookie it does nothing
* If session cookie exists redirect to login page with prompt=none
* If session is valid Keycloak redirects back to app with code and
keycloak.js swaps the code
* If session wasn't valid Keycloak redirects back to app

With a logged-in user the app page should be loaded twice. Once when first
visited then a second time after the prompt=none redirect. Are you seeing
the page being loaded twice or three times?

On 29 September 2016 at 17:27, Jess Sightler <jsightle at redhat.com> wrote:

> I am, and I believe that I have noticed this behavior as well. I get
> redirected back to the app with "?prompt=none" appended to the URL.
>
> On 09/29/2016 10:16 AM, Sebastien Blanc wrote:
>
> Hi,
>
> Are you using
>
> keycloak.init({ onLoad: 'check-sso' }) ?
>
>
> Sebi
>
>
>
> On Thu, Sep 29, 2016 at 4:01 PM, Gregor Jarisch <gregor at jarisch.net>
> wrote:
>
>> Hi there,
>>
>> we have a single page application using the JS adapter. Once the user is
>> logged in and a page redirect occurs, the SPA loads, but immediately
>> reloads once again when keycloak adapter authenticates.
>> Since the user was logged in before already, we would have assumed that
>> no further page refresh has to be made.
>>
>> Interestingly, when we manually pass on all the token values in the init
>> method (for testing purposes), the page doesn't refresh a second time and
>> the user is authenticated. As we would have expected it to be.
>>
>> This might be just a misunderstanding of how this adapter is supposed to
>> work, but from our understanding the purpose of the iframe and the set
>> cookie is to make sure the user stays authenticated.
>> Thus, shouldn't the keycloak adapter "store" the tokens and use them on a
>> page refresh if they are valid in order to authenticate without the need
>> for an additional page refresh?
>>
>> Would be nice if somebody can explain this mechanism a bit further and
>> maybe even give a hint on what we are doing wrong here.. We are puzzled at
>> the moment.
>>
>> Thanks
>>
>> Gregor
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list