Multiple round-trips to IDP when session_state is included in response #752

Closed
jeblair opened this issue Oct 29, 2021 · 4 comments

@jeblair

jeblair commented Oct 29, 2021

When using Keycloak, the session_state is included in the response by default. That appears to cause oidc-react (or oidc-react-js?) to make multiple authentication requests in the background under Firefox at least. Keycloak has an option under OpenID Connect Compatibility Modes to Exclude Session State From Authentication Response. If I set that to "On", then it works as expected.

I've prepared a reproducer using the sample app and a Keycloak Docker image with a realm already set up. The repos are here:

Dockerfile: https://github.com/jeblair/keycloak-sample
Sample app: https://github.com/jeblair/example-oidc-react

Here's how to run the reproducer:

  1. add 127.0.0.1 keycloak to /etc/hosts
  2. docker run -p8082:8082 jeblair/keycloak-sample
  3. git clone https://github.com/jeblair/example-oidc-react
  4. cd example-oidc-react
  5. yarn start

You can log in to the app with user admin password admin.

You can log into the Keycloak admin console at http://keycloak/ with user admin password kcadmin.

The login will work, but you should see multiple requests to Keycloak after logging in. It's also easy to see by looking at network traffic in devtools.

The sample app/reproducer breaks reliably for me in Firefox, but not Chromium. However, in the actual application I'm working on, I also see the behavior in Chromium (perhaps a race condition with the session state and storage is involved).

@simenandre
Member

Thanks for posting this, and with awesome detail too!

Unfortunately, I'm busy with a few launches at the moment (which is also the reason it has taken so much time to answer you). I have this on my list, and hope to get to it very soon!

Thank you for your patience, and feel free to do research/debugging and open pull requests!

@FreeFrags
Contributor

FreeFrags commented Dec 15, 2021

Did you have any chance to look at this? I think I'm running into a similar issue.

Edit: Sorry, I found out that my issue was something different (#763), although maybe related?

@simenandre
Member

Does anyone want to help out on this?

@simenandre
Member

Closing this as stale :)
