[keycloak-user] Failed to initialize in KC 3.4

Tue Jan 16 07:25:04 EST 2018

I think mailing list is not allowing attachments, you need to host images
somewhere else and post link here

On Tue, Jan 16, 2018 at 3:15 PM Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hello ,
> what do you mean by headers dump?
> I included two screenshots in the previous post, is this what you mean?
> Thanks
>
> On Tue, Jan 16, 2018 at 12:46 PM, Виталий Ищенко <betalb at gmail.com> wrote:
>
>> Hi
>>
>> Asterisk should be pretty valid, maybe at some point in time KC stopped
>> expanding it and just started to pass in reply as-is, but Access-Control-Allow-Origin:
>> *
>>
>> Is valid header value [1]. And status = 0 means that preflight request
>> check failed on the browser side and JS code can't even access any info
>> from KC.
>>
>> Do you have request and response headers dump, an asterisk was quoted or
>> not?
>>
>> [1]
>> https://developer.mozilla.org/ru/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
>>
>> On Tue, Jan 16, 2018 at 1:10 PM Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Hi guys,
>>> I finally solved this problem.
>>> Posting here for memory :)
>>> I use this simple code in my NodeJS application:
>>>
>>> import Keycloak from 'keycloak-js';
>>>
>>> var keycloak = Keycloak();
>>> keycloak.init({ onLoad: 'login-required'}).success(authenticated => {
>>>   if (authenticated) {
>>>     console.log("Authenticated");
>>>   }
>>> }).error(function (error) {
>>>     console.log("Authentication error");
>>>   });
>>> }
>>>
>>> In Keycloak 3.3 and above, I kept getting the message "Authentication
>>> error".
>>> Keycloak 3.2 and below works.
>>>
>>> I finally understood that the problem is the Web Origins of my client.
>>> It was set to "*", but apparently this is not supported anymore in
>>> KC>=3.3.
>>> By putting something more precise it worked (e.g. http://localhost:3000
>>> ).
>>>
>>> The debugging of this one was very tricky...
>>> The problem happens at the "code to token exchange" step.
>>> In KC 3.3, the response headers "Access-Control-Allow-Origin" is set to
>>> "*".
>>> This doesn't seem to work with keycloak.js adapter, at this line:
>>>
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L341
>>>
>>> The req.status is 0. It seems that XMLHttpRequest doesn't like this
>>> Access-Control-Allow-Origin="*".
>>>
>>> If I change the Web Origins to http://localhost:3000, it works.
>>> Likewise, in KC=3.2, the Web Origins = *  seems to be translated
>>> automatically to Access-Control-Allow-Origin hea=
>>>
>>>
>>>
>>>
>>>
>>> In KC 3.2, with Web Origin "*", the  is transformed as "
>>> http://localhost:3000"
>>>
>>>
>>>
>>>
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L337
>>>
>>>
>>>
>>>
>>> On Tue, Dec 12, 2017 at 10:45 AM, Corentin Dupont <
>>> corentin.dupont at gmail.com
>>> > wrote:
>>>
>>> > Hi guys,
>>> >
>>> > I use this code in my javascript application:
>>> >
>>> > var keycloak = Keycloak();
>>> >         keycloak.init().success(function(authenticated) {
>>> >             alert(authenticated ? 'authenticated' : 'not
>>> authenticated');
>>> >         }).error(function() {
>>> >             alert('failed to initialize');
>>> >         });
>>> >
>>> > Since I updated Keycloak I get the message 'failed to initialize'.
>>> > It was working well with the previous version of KC 3.2.
>>> >
>>> > What could it be? How can I get a better error message?
>>> >
>>> >
>>> > Thanks!
>>> >
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>