[keycloak-user] Prevent JS Adapter from redirecting if already logged in

Gregor Jarisch gregor at jarisch.net
Fri Sep 30 05:12:25 EDT 2016


We tried login-required as well as check-sso. In case of a user logged in, it doesn't seem to do anything different. 

Stian, in fact, it seem to be as you described it. A logged on user loads the page and it gets redirected to keycloak and back again, than loads the website a second time. So twice. 
But why is this necessary? This is a bad UX experience and a performance loss as well. If the user is logged in, it should not redirect anywhere.

Couldn't the js adapter simple make an XHR request to the keycloak server - as other js requests would do it - and only redirect in case the user isn't logged in?
I believe that way would be much more user friendly (visually appealing in particular) and faster as well, because you don't have twice the loading time of your page.

Am I missing something here or could this be improved that way?

Gregor



 From:   Stian Thorgersen <sthorger at redhat.com> 
 To:   Jess Sightler <jsightle at redhat.com> 
 Cc:   keycloak-user <keycloak-user at lists.jboss.org> 
 Sent:   30.09.2016 8:42 
 Subject:   Re: [keycloak-user] Prevent JS Adapter from redirecting if already logged in 

With check-sso what should happen is: 
 
* keycloak.js checks session cookie. If no cookie it does nothing 
* If session cookie exists redirect to login page with prompt=none 
* If session is valid Keycloak redirects back to app with code and 
keycloak.js swaps the code 
* If session wasn't valid Keycloak redirects back to app 
 
With a logged-in user the app page should be loaded twice. Once when first 
visited then a second time after the prompt=none redirect. Are you seeing 
the page being loaded twice or three times? 
 
On 29 September 2016 at 17:27, Jess Sightler <jsightle at redhat.com> wrote: 
 
> I am, and I believe that I have noticed this behavior as well. I get 
> redirected back to the app with "?prompt=none" appended to the URL. 
> 
> On 09/29/2016 10:16 AM, Sebastien Blanc wrote: 
> 
> Hi, 
> 
> Are you using 
> 
> keycloak.init({ onLoad: 'check-sso' }) ? 
> 
> 
> Sebi 
> 
> 
> 
> On Thu, Sep 29, 2016 at 4:01 PM, Gregor Jarisch <gregor at jarisch.net> 
> wrote: 
> 
>> Hi there, 
>> 
>> we have a single page application using the JS adapter. Once the user is 
>> logged in and a page redirect occurs, the SPA loads, but immediately 
>> reloads once again when keycloak adapter authenticates. 
>> Since the user was logged in before already, we would have assumed that 
>> no further page refresh has to be made. 
>> 
>> Interestingly, when we manually pass on all the token values in the init 
>> method (for testing purposes), the page doesn't refresh a second time and 
>> the user is authenticated. As we would have expected it to be. 
>> 
>> This might be just a misunderstanding of how this adapter is supposed to 
>> work, but from our understanding the purpose of the iframe and the set 
>> cookie is to make sure the user stays authenticated. 
>> Thus, shouldn't the keycloak adapter "store" the tokens and use them on a 
>> page refresh if they are valid in order to authenticate without the need 
>> for an additional page refresh? 
>> 
>> Would be nice if somebody can explain this mechanism a bit further and 
>> maybe even give a hint on what we are doing wrong here.. We are puzzled at 
>> the moment. 
>> 
>> Thanks 
>> 
>> Gregor 
>> 
>> _______________________________________________ 
>> keycloak-user mailing list 
>> keycloak-user at lists.jboss.org 
>> https://lists.jboss.org/mailman/listinfo/keycloak-user 
>> 
> 
> 
> 
> _______________________________________________ 
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user 
> 
> 
> 
> _______________________________________________ 
> keycloak-user mailing list 
> keycloak-user at lists.jboss.org 
> https://lists.jboss.org/mailman/listinfo/keycloak-user 
> 
_______________________________________________ 
keycloak-user mailing list 
keycloak-user at lists.jboss.org 
https://lists.jboss.org/mailman/listinfo/keycloak-user 


More information about the keycloak-user mailing list