[keycloak-user] Error when keycloak.js is bundled with application but not otherwise

[Karthik Jayaraman]

Hi all,

I am having the following issue:

Scenario 1:

In my application index.html (bundled in a JAR file and deployed in Jetty),
I have the following code:

<script src="keycloak.js"></script>

<script>
    var keycloak = Keycloak(
    {
    "realm": "master",
    "clientId": "client1",
    "auth-server-url": "http://
<<keycloak-server-ip>>:<<keycloak-server-port>>/auth",
    "public-client": true
    });

    keycloak.init({
        onLoad: 'login-required'
    }).success(function () {
       alert("login success");
    });

</script>

And I have the following client configuration in Keycloak server

Client Protocol - openid-connect
Access Type - public
Standard Flow Enabled - ON
Implicit Flow Enabled - OFF
Direct Access Grants Enabled - ON
Authorization Enabled - OFF
Root URL -
Valid Redirect URIs - http://
<<myapplicationIP>>:<<myapplicationPort>>/admin/*
Base URL - http://<<myapplicationIP>>:<<myapplicationPort>>/admin
Admin URL -
Web Origins -

With this configuration, the first time when I hit
http://<<myapplicationIP>>:<<myapplicationPort>>/admin/
, I am getting redirected to http://
<<myapplicationIP>>:<<myapplicationPort>>/realms/master/protocol/openid-connect
/auth?client_id=client1&redirect_uri=http%3A%2F%2F<<myapplicationIP>>%3A<<myapplicationPort>>%2Fadmin%2F&state=c524eb6c-9245-4f82-87e9-e767dd733b0d&nonce=760809b5-b2d5-4c3e-9d76-40cd43bdef0d&response_mode=fragment&response_type=code&scope=openid

and I get 404 which is expected since keycloak is trying to redirect to
 http://<<myapplicationIP>>:<<myapplicationPort>>/realms/... which does not
exist in our application.

Scenario 2:

When I do the same thing as scenario 1 except the way keycloak.js is
loaded, everything works as expected.

<script src="http://
<<keycloakServerIP>>:<<keycloakServerPort>>/auth/js/keycloak.js"></script>

So, what is operationally different between bundling keycloak.js and
loading it at run time ?

- Karthik