[keycloak-user] Prevent JS Adapter from redirecting if already logged in
Gregor Jarisch
gregor at jarisch.net
Fri Sep 30 05:12:25 EDT 2016
We tried login-required as well as check-sso. In case of a user logged in, it doesn't seem to do anything different.
Stian, in fact, it seem to be as you described it. A logged on user loads the page and it gets redirected to keycloak and back again, than loads the website a second time. So twice.
But why is this necessary? This is a bad UX experience and a performance loss as well. If the user is logged in, it should not redirect anywhere.
Couldn't the js adapter simple make an XHR request to the keycloak server - as other js requests would do it - and only redirect in case the user isn't logged in?
I believe that way would be much more user friendly (visually appealing in particular) and faster as well, because you don't have twice the loading time of your page.
Am I missing something here or could this be improved that way?
Gregor
From: Stian Thorgersen <sthorger at redhat.com>
To: Jess Sightler <jsightle at redhat.com>
Cc: keycloak-user <keycloak-user at lists.jboss.org>
Sent: 30.09.2016 8:42
Subject: Re: [keycloak-user] Prevent JS Adapter from redirecting if already logged in
With check-sso what should happen is:
* keycloak.js checks session cookie. If no cookie it does nothing
* If session cookie exists redirect to login page with prompt=none
* If session is valid Keycloak redirects back to app with code and
keycloak.js swaps the code
* If session wasn't valid Keycloak redirects back to app
With a logged-in user the app page should be loaded twice. Once when first
visited then a second time after the prompt=none redirect. Are you seeing
the page being loaded twice or three times?
On 29 September 2016 at 17:27, Jess Sightler <jsightle at redhat.com> wrote:
> I am, and I believe that I have noticed this behavior as well. I get
> redirected back to the app with "?prompt=none" appended to the URL.
>
> On 09/29/2016 10:16 AM, Sebastien Blanc wrote:
>
> Hi,
>
> Are you using
>
> keycloak.init({ onLoad: 'check-sso' }) ?
>
>
> Sebi
>
>
>
> On Thu, Sep 29, 2016 at 4:01 PM, Gregor Jarisch <gregor at jarisch.net>
> wrote:
>
>> Hi there,
>>
>> we have a single page application using the JS adapter. Once the user is
>> logged in and a page redirect occurs, the SPA loads, but immediately
>> reloads once again when keycloak adapter authenticates.
>> Since the user was logged in before already, we would have assumed that
>> no further page refresh has to be made.
>>
>> Interestingly, when we manually pass on all the token values in the init
>> method (for testing purposes), the page doesn't refresh a second time and
>> the user is authenticated. As we would have expected it to be.
>>
>> This might be just a misunderstanding of how this adapter is supposed to
>> work, but from our understanding the purpose of the iframe and the set
>> cookie is to make sure the user stays authenticated.
>> Thus, shouldn't the keycloak adapter "store" the tokens and use them on a
>> page refresh if they are valid in order to authenticate without the need
>> for an additional page refresh?
>>
>> Would be nice if somebody can explain this mechanism a bit further and
>> maybe even give a hint on what we are doing wrong here.. We are puzzled at
>> the moment.
>>
>> Thanks
>>
>> Gregor
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list