[keycloak-user] Keycloak JS library: iframe redirect when already logged in

Kelsey RIDER kelsey.rider at ineat-conseil.fr
Mon Apr 8 08:38:08 EDT 2019 

Hello,

I’m working on an SPA that uses keycloak.js to interact with my Keycloak. I initialize the Keycloak object with onload = ‘check-sso’ and checkLoginIFrame enabled.

If I perform the following steps:

  *   Load my site
  *   Click my “login” button (call Keycloak.login())
  *   get redirected to Keycloak’s login page, login, get redirected back to my app
  *   Reload my site
I observe that when the site reloads, it does a quick redirection (the URL briefly changes from mysite.com to mysite.com/#state=….. then back to mysite.com).
I would like to avoid having this redirection when I’m already logged in.

By debugging the code, I found out why this happens:

  *   The login-status-iframe.html page is essentially just a wrapper for some static JS to manage a cookie that stores the auth tokens.
  *   Its main method checkState() is called from keycloak.js during initialization…with no token (sessionState is empty since keycloak.js is not aware of the cookie).
  *   The login iFrame’s code reads the cookie and creates an XHR request to …/login-status-iframe.html/init?... with the cookie in the request headers.
  *   When it gets a 204 response (which I take to mean: the cookie is valid, everything’s OK), it compares the token (from the cookie) with what it was given from keycloak.js (i.e. nothing).
  *   Since they are not equal, it responds to the callback with ‘changed’.
  *   This is interpreted in keycloak.js to mean that (the token changed?) and thus it calls doLogin(false), which is where it changes the URL, creating the unwanted redirect.

So my questions are thus:

  *   Where is the documentation for API for the call to login-status-iframe.html/init?
  *   Would it be possible to do something like:
     *   Have the login-status-iframe return the token, when the KC server informs it that the token is still valid (e.g. ‘update XXXXX’ instead of ‘changed’)
     *   keycloak.js would then take this and update its token, without having to call doLogin()

Many thanks,

Kelsey Rider

More information about the keycloak-user mailing list