[keycloak-user] Failed to initialize in KC 3.4
Corentin Dupont
corentin.dupont at gmail.com
Tue Jan 16 07:32:21 EST 2018
Let's try with Drive:
Keycloak 3.2 headers.png
<https://drive.google.com/file/d/1gNKw3coRAJ1UTLKMYcpfVDEFXx4Xc3sO/view?usp=drive_web>
Keycloak 3.3 headers.png
<https://drive.google.com/file/d/1pf8YcJD-wtPHpV553l0pqKzdSTbU_96_/view?usp=drive_web>
On Tue, Jan 16, 2018 at 1:25 PM, Виталий Ищенко <betalb at gmail.com> wrote:
> I think mailing list is not allowing attachments, you need to host images
> somewhere else and post link here
>
> On Tue, Jan 16, 2018 at 3:15 PM Corentin Dupont <corentin.dupont at gmail.com>
> wrote:
>
>> Hello ,
>> what do you mean by headers dump?
>> I included two screenshots in the previous post, is this what you mean?
>> Thanks
>>
>> On Tue, Jan 16, 2018 at 12:46 PM, Виталий Ищенко <betalb at gmail.com>
>> wrote:
>>
>>> Hi
>>>
>>> Asterisk should be pretty valid, maybe at some point in time KC stopped
>>> expanding it and just started to pass in reply as-is, but
>>> Access-Control-Allow-Origin: *
>>>
>>> Is valid header value [1]. And status = 0 means that preflight request
>>> check failed on the browser side and JS code can't even access any info
>>> from KC.
>>>
>>> Do you have request and response headers dump, an asterisk was quoted or
>>> not?
>>>
>>> [1] https://developer.mozilla.org/ru/docs/Web/HTTP/Headers/
>>> Access-Control-Allow-Origin
>>>
>>> On Tue, Jan 16, 2018 at 1:10 PM Corentin Dupont <
>>> corentin.dupont at gmail.com> wrote:
>>>
>>>> Hi guys,
>>>> I finally solved this problem.
>>>> Posting here for memory :)
>>>> I use this simple code in my NodeJS application:
>>>>
>>>> import Keycloak from 'keycloak-js';
>>>>
>>>> var keycloak = Keycloak();
>>>> keycloak.init({ onLoad: 'login-required'}).success(authenticated => {
>>>> if (authenticated) {
>>>> console.log("Authenticated");
>>>> }
>>>> }).error(function (error) {
>>>> console.log("Authentication error");
>>>> });
>>>> }
>>>>
>>>> In Keycloak 3.3 and above, I kept getting the message "Authentication
>>>> error".
>>>> Keycloak 3.2 and below works.
>>>>
>>>> I finally understood that the problem is the Web Origins of my client.
>>>> It was set to "*", but apparently this is not supported anymore in
>>>> KC>=3.3.
>>>> By putting something more precise it worked (e.g. http://localhost:3000
>>>> ).
>>>>
>>>> The debugging of this one was very tricky...
>>>> The problem happens at the "code to token exchange" step.
>>>> In KC 3.3, the response headers "Access-Control-Allow-Origin" is set to
>>>> "*".
>>>> This doesn't seem to work with keycloak.js adapter, at this line:
>>>> https://github.com/keycloak/keycloak/blob/master/adapters/
>>>> oidc/js/src/main/resources/keycloak.js#L341
>>>>
>>>> The req.status is 0. It seems that XMLHttpRequest doesn't like this
>>>> Access-Control-Allow-Origin="*".
>>>>
>>>> If I change the Web Origins to http://localhost:3000, it works.
>>>> Likewise, in KC=3.2, the Web Origins = * seems to be translated
>>>> automatically to Access-Control-Allow-Origin hea=
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> In KC 3.2, with Web Origin "*", the is transformed as "
>>>> http://localhost:3000"
>>>>
>>>>
>>>>
>>>> https://github.com/keycloak/keycloak/blob/master/adapters/
>>>> oidc/js/src/main/resources/keycloak.js#L337
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Dec 12, 2017 at 10:45 AM, Corentin Dupont <
>>>> corentin.dupont at gmail.com
>>>> > wrote:
>>>>
>>>> > Hi guys,
>>>> >
>>>> > I use this code in my javascript application:
>>>> >
>>>> > var keycloak = Keycloak();
>>>> > keycloak.init().success(function(authenticated) {
>>>> > alert(authenticated ? 'authenticated' : 'not
>>>> authenticated');
>>>> > }).error(function() {
>>>> > alert('failed to initialize');
>>>> > });
>>>> >
>>>> > Since I updated Keycloak I get the message 'failed to initialize'.
>>>> > It was working well with the previous version of KC 3.2.
>>>> >
>>>> > What could it be? How can I get a better error message?
>>>> >
>>>> >
>>>> > Thanks!
>>>> >
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>
More information about the keycloak-user
mailing list