[keycloak-user] Need guidance on auto login feature
Tony Harris
Tony.Harris at oneadvanced.com
Mon Apr 8 12:11:35 EDT 2019
If you add the header X-Requested-With: XMLHttpRequest then Keycloak will switch into beaer-only mode and not direct these XMLHTTPRequests to the login page when your token expires, instead it will return a HTTP 401 response.
You may need to add autoDetectBearerOnly="true" to your keycloak application config json file too as well.
-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Khyati Kataria
Sent: 08 April 2019 15:13
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Need guidance on auto login feature
Hi,
I would like to get some guidance on following scenario.
I have a requirement to skip keycloak login page by setting up header using bearer token. Is this a right approach ? or is there any way I can skip login page and be able to logged in customer service console
Scenario:
1) create bearer token invoking:
POST to http://<server>/auth/realms/test/protocol/openid-connect/token/
with post data:
grant_type=password&client_id=client&username=admin&password=admin1
read the token from response
2) do a get using new XMLHttpRequest() and setting the header xhr.open("GET", "http://<server>/csc/", true); xhr.setRequestHeader('Authorization', 'Bearer ' + token);
after doing this we can see on network traces that it actually bring the subscribed ID page but with this we do only a "static" get, and we see all cookies are set
3) finally from page we do a redirect to http://server/csc so browser really opens the portal (and not just get the content), but at this stage we get redirected to Keycloak login form
I don't want redirect to login form, I need guidance on this. Is this possible to have auto login ? or anyway we can skip login page ?
Regards,
Khyati
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
________________________________
Please consider the environment: Think before you print!
This message has been scanned for malware by Websense. www.websense.com
More information about the keycloak-user
mailing list