[keycloak-user] Keycloak JS library: iframe redirect when already logged in

Kelsey RIDER kelsey.rider at ineat-conseil.fr
Wed Apr 10 03:28:10 EDT 2019


Bump...does anybody have any information?

I also asked the question on StackOverflow: https://stackoverflow.com/questions/55606931/keycloak-js-library-iframe-redirect-when-alreadylogged-in


-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> On Behalf Of Kelsey RIDER
Sent: Monday, 8 April 2019 14:38
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Keycloak JS library: iframe redirect when already logged in

Hello,

I’m working on an SPA that uses keycloak.js to interact with my Keycloak. I initialize the Keycloak object with onload = ‘check-sso’ and checkLoginIFrame enabled.

If I perform the following steps:

  *   Load my site
  *   Click my “login” button (call Keycloak.login())
  *   Get redirected to Keycloak’s login page, log in, get redirected back to my app
  *   Reload my site

I observe that when the site reloads, it does a quick redirection (the URL briefly changes from mysite.com to mysite.com/#state=….. then back to mysite.com).
I would like to avoid having this redirection when I’m already logged in.

By debugging the code, I found out why this happens:

  *   The login-status-iframe.html page is essentially just a wrapper for some static JS to manage a cookie that stores the auth tokens.
  *   Its main method checkState() is called from keycloak.js during initialization…with no token (sessionState is empty since keycloak.js is not aware of the cookie).
  *   The login iFrame’s code reads the cookie and creates an XHR request to …/login-status-iframe.html/init?... with the cookie in the request headers.
  *   When it gets a 204 response (which I take to mean: the cookie is valid, everything’s OK), it compares the token (from the cookie) with what it was given from keycloak.js (i.e. nothing).
  *   Since they are not equal, it responds to the callback with ‘changed’.
  *   This is interpreted in keycloak.js to mean that (the token changed?) and thus it calls doLogin(false), which is where it changes the URL, creating the unwanted redirect.

So my questions are thus:

  *   Where is the documentation for the API call to login-status-iframe.html/init?
  *   Would it be possible to do something like:
     *   Have the login-status-iframe return the token, when the KC server informs it that the token is still valid (e.g. ‘update XXXXX’ instead of ‘changed’)
     *   keycloak.js would then take this and update its token, without having to call doLogin()

Many thanks,

Kelsey Rider
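
The reload flow described in the message above, and the 'update' variant it proposes, modelled as an added example that is not part of the original post and is not Keycloak's own code. All function names are hypothetical, the cookie value is constructed, and the no-cookie branch is an assumption the message does not cover.

```javascript
// Model of the reload flow described in the message above.
// All names are hypothetical; this is not Keycloak's own code.

// Iframe side, as described: the cookie value is validated by the server
// (204 = OK), then compared with what the adapter passed in.
function iframeCheckState(cookieValue, callerValue, initStatus) {
  if (!cookieValue) {
    // Assumption (not covered in the message): no cookie means logged out.
    return callerValue ? 'changed' : 'unchanged';
  }
  if (initStatus !== 204) return 'error';
  return cookieValue === callerValue ? 'unchanged' : 'changed';
}

// Variant proposed in the message: hand the validated value back
// ('update XXXXX') instead of reporting 'changed'.
function proposedCheckState(cookieValue, callerValue, initStatus) {
  const state = iframeCheckState(cookieValue, callerValue, initStatus);
  if (state === 'changed' && cookieValue && !callerValue) {
    return 'update ' + cookieValue;
  }
  return state;
}

// Adapter side on page load with check-sso: returns what would happen.
function onPageLoad(adapter, checkState, cookieValue, initStatus) {
  const reply = checkState(cookieValue, adapter.sessionState, initStatus);
  if (reply.startsWith('update ')) {
    // Adopt the value handed back by the iframe; no doLogin() call.
    adapter.sessionState = reply.slice('update '.length);
    return { reply: 'update', redirect: false };
  }
  // 'changed' leads to doLogin(false), which rewrites the URL.
  return { reply, redirect: reply === 'changed' };
}

// Constructed sample: a fresh page load after a successful login.
function demo() {
  const cookie = 'constructed-session-value';
  return {
    current: onPageLoad({ sessionState: '' }, iframeCheckState, cookie, 204),
    proposed: onPageLoad({ sessionState: '' }, proposedCheckState, cookie, 204),
  };
}
console.log(demo());
```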
