[keycloak-user] Error when using bookmarked login page

[RickT153 .]

Hello,



I am trying to secure a single page application with Keycloak. The setup is
the following: There are a few microservices and Keycloak behind an Apache
Reverse Proxy, which has mod_auth_openidc installed.



The authentication works fine. When a user visits my page www.example.com he
will be redirected to www.example.com/auth/realms/myrealm/protocol/openidc-
connect/auth?response_type=code&many_more=parameters. The Keycloak
login-page is presented to the user and when he enters his credentials
correctly he is redirected to my page www.example.com/main and can use the
application.



So far, so good.



Now the problem is, that a user might want to bookmark my site right after
visiting it. That means that he will bookmark the Keycloak login-page. But
there are some parameters (like state and nonce) in the login-page url that
are only valid for the initial login-session. Therefore, visiting the
bookmarked page at a later time will cause an error and the user will not
be able to access my page.



Do you have any tips on how I can fix this problem? Are there common ways
to allow a user to visit a bookmarked login page without breaking the
authentication flow?



Thanks,

Patrick