Thanks for posting this, and with awesome detail too!
Unfortunately, I'm busy with a few launches at the moment (which is also the reason it has taken so much time to answer you). I have this on my list, and hope to get to it very soon!
Thank you for your patience, and feel free to do research/debugging and open pull requests!
When using Keycloak, the session_state is included in the response by default. That appears to cause oidc-react (or oidc-react-js?) to make multiple authentication requests in the background under Firefox at least. Keycloak has an option under OpenID Connect Compatibility Modes to Exclude Session State From Authentication Response. If I set that to "On", then it works as expected.

I've prepared a reproducer using the sample app and a keycloak docker image with a realm already set up. The repos are here:

Dockerfile: https://github.com/jeblair/keycloak-sample
Sample app: https://github.com/jeblair/example-oidc-react

Here's how to run the reproducer:

127.0.0.1 keycloak to /etc/hosts

You can log in to the app with user admin password admin.

You can log into the keycloak admin console at http://keycloak/ with user admin password kcadmin.

The login will work, but you should see multiple requests to keycloak after logging in. It's also easy to see by looking at network traffic in devtools.

The sample app/reproducer breaks reliably for me in Firefox, but not Chromium. However, in the actual application I'm working on, I also see the behavior in Chromium (perhaps a race condition with the session state and storage is involved).
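To compare runs with the Keycloak option on and off without reading devtools by eye, the network log can be saved as a HAR file and summarized. The script below is an added example, not code from the issue or from oidc-react. It assumes the Keycloak authorization endpoint path ends in `/protocol/openid-connect/auth`, and the realm name, client id, app origin and `prompt` values in the sample data are constructed.

```javascript
// Added example (not from the issue): summarize a HAR file saved from devtools.
// Assumption: the Keycloak authorization endpoint path ends with this suffix.
const AUTH_PATH_SUFFIX = '/protocol/openid-connect/auth';

function summarizeHar(har, idpHost) {
  const summary = { authRequests: 0, byPrompt: {}, sessionStateReturned: false, repeated: false };
  for (const entry of har.log.entries) {
    let url;
    try {
      url = new URL(entry.request.url);
    } catch {
      continue; // skip entries whose URL does not parse
    }
    if (url.hostname === idpHost) {
      if (!url.pathname.endsWith(AUTH_PATH_SUFFIX)) continue; // token endpoint etc.
      summary.authRequests += 1;
      const prompt = url.searchParams.get('prompt') ?? '(absent)';
      summary.byPrompt[prompt] = (summary.byPrompt[prompt] || 0) + 1;
    } else {
      // Redirect back to the app: response parameters arrive in the query or the fragment.
      const fragment = new URLSearchParams(url.hash.slice(1));
      if (url.searchParams.has('session_state') || fragment.has('session_state')) {
        summary.sessionStateReturned = true;
      }
    }
  }
  // One authorization request per login is expected; more than one is the symptom.
  summary.repeated = summary.authRequests > 1;
  return summary;
}

// Constructed sample, not a capture from the reproducer. Only the host name
// "keycloak" comes from the issue; realm, client id and app origin are made up.
const entry = (url) => ({ request: { method: 'GET', url } });
const AUTH = 'http://keycloak/realms/example/protocol/openid-connect/auth';
const SAMPLE_HAR = { log: { entries: [
  entry(`${AUTH}?client_id=app&response_type=code&state=s1`),
  entry('http://localhost:3000/?code=c1&state=s1&session_state=ss1'),
  entry('http://keycloak/realms/example/protocol/openid-connect/token'),
  entry(`${AUTH}?client_id=app&response_type=code&state=s2&prompt=none`),
  entry(`${AUTH}?client_id=app&response_type=code&state=s3&prompt=none`),
] } };

console.log(summarizeHar(SAMPLE_HAR, 'keycloak'));
```

Run it once per browser and once per setting of the Keycloak option, then compare `authRequests` and `sessionStateReturned` across the runs.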