Session lost on window refresh #61

Closed
mllull opened this issue Nov 5, 2020 · 9 comments

mllull commented Nov 5, 2020

Hi guys,

I found that this lib is working fine if you log in through keycloak, but if you refresh the window (typically if you are developing the app), it loses the session and you have to re-enter keycloak for login.

You can try it in example-app. If you enter /secret, you can see the token info. But if you press F5, you stay on the /secret page but there is no token. This is because the keycloak lib doesn't authenticate the user.

I have googled but can't find how to read cookie session and pass it to keycloak lib to authenticate.

baltom commented Nov 5, 2020

This is because the example app is configured to use "check-sso", which will not automatically re-authenticate the user after a refresh. For this to work, the "silentCheckSsoRedirectUri" attribute needs to be provided.

> You can configure a silent check-sso option. With this feature enabled, your browser won’t do a full redirect to the Keycloak server and back to your application, but this action will be performed in a hidden iframe, so your application resources only need to be loaded and parsed once by the browser when the app is initialized and not again after the redirect back from Keycloak to your app. This is particularly useful in case of SPAs (Single Page Applications).
https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter

I guess it should be added to the example as well though 🤔

mllull commented Nov 5, 2020

I already tried your solution before, but it doesn't work. If you put this config in your example-app you can see that there are no calls to the silent-check-sso.html page. I don't know if it is a limitation of my keycloak-js version (which is 10.0.2) or anything else.

Here is my init keycloak config:

```js
init: {
  // Use 'login-required' to always require authentication
  // If using 'login-required', there is no need for the router guards in router.js
  onLoad: "check-sso",
  silentCheckSsoRedirectUri: window.location.origin + "/silent-check-sso.html"
}
```

baltom commented Nov 5, 2020

Did you also add the "silent-check-sso.html" page to your "public" folder?

```html
<html>
<body>
<script>
  parent.postMessage(location.href, location.origin)
</script>
</body>
</html>
```

As that combined with the silentCheckSsoRedirectUri works for me. However, there are some timing issues with the example, I see, where createLoginUrl is called on the keycloak object before it actually exists, therefore it crashes in the route guard.

mllull commented Nov 5, 2020

> However, there are some timing issues with the example, I see, where createLoginUrl is called on the keycloak object before it actually exists, therefore it crashes in the route guard.

Yes, I had to deal with it waiting for keycloak.ready.

> Did you also add the "silent-check-sso.html" page to your "public" folder?

Yes, I previously added this file, but in Devtools > Network I was able to see any request to silent-check-sso.html. I will try it on example-app.

Can you confirm that, if you enter the secret page (and can see the token info), when pressing the F5 key you still see the token info after the window refresh? 🤔

baltom commented Nov 5, 2020

Yeah, if I remove the router guard functionality that crashes, I'll get the token info on the secret page after a refresh.

mllull commented Nov 5, 2020

What version of KC Server do you use? 🤔

Edit: I have tried with KC Server v10.0.2 and same error happens.

baltom commented Nov 5, 2020

We are not using keycloak directly, but redhat-sso. My test was done with the "docker-compose environment" that you get from running /examples/docker-compose.yml. So keycloak 9.0.3

mllull commented Nov 5, 2020

Oh my f***ing god!! My browser was locking KCServer Cookies!!! 🤦‍♂️

Now it's working like a charm!! Many thanks @baltom! I will create a PR adding the silentCheckSsoRedirectUri config to example-app.

Thanks!

baltom commented Nov 5, 2020

hehe awesome! 😄 and we appreciate a PR!
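
An added example, not code from this thread, the project or keycloak-js: a check of the URL that silent-check-sso.html posts to the parent window, separating a successful silent check from the OIDC `error=login_required` result returned when the server sees no login session. The function name, sample origin and state value are hypothetical, and it assumes fragment response mode with the standard OIDC `code`, `state` and `error` parameters.

```javascript
// Added example: hypothetical helper, not part of keycloak-js or this project.
// Classifies the URL that silent-check-sso.html posts to its parent window.
function classifySilentSsoMessage(data, eventOrigin, appOrigin, expectedState) {
  // silent-check-sso.html posts with targetOrigin = location.origin, so a
  // message from any other origin did not come from that page.
  if (eventOrigin !== appOrigin) return { status: "rejected", reason: "origin" };
  if (typeof data !== "string") return { status: "rejected", reason: "not-a-url" };
  let url;
  try {
    url = new URL(data);
  } catch (err) {
    return { status: "rejected", reason: "not-a-url" };
  }
  if (url.origin !== appOrigin) return { status: "rejected", reason: "origin" };

  // Assumption: fragment response mode, so the parameters follow '#'.
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));
  // The state value ties the response to the request this app started.
  if (params.get("state") !== expectedState) {
    return { status: "rejected", reason: "state" };
  }
  const error = params.get("error");
  if (error === "login_required") {
    // OIDC prompt=none result when the server sees no login session, for
    // example because the browser did not send the Keycloak cookies.
    return { status: "no-session", reason: error };
  }
  if (error) return { status: "error", reason: error };
  if (params.get("code")) return { status: "authenticated", reason: null };
  return { status: "rejected", reason: "no-code" };
}

// Constructed sample values; origin, path and state are placeholders.
const APP_ORIGIN = "http://localhost:8080";
const CALLBACK = APP_ORIGIN + "/silent-check-sso.html";
const SAMPLES = [
  [CALLBACK + "#state=s1&code=abc123", APP_ORIGIN],
  [CALLBACK + "#error=login_required&state=s1", APP_ORIGIN],
  [CALLBACK + "#state=other&code=abc123", APP_ORIGIN],
  [CALLBACK + "#state=s1&code=abc123", "http://other.example"],
];

function classifySamples() {
  return SAMPLES.map(([href, origin]) =>
    classifySilentSsoMessage(href, origin, APP_ORIGIN, "s1").status);
}

console.log(classifySamples());
```

In a browser, `data` and `eventOrigin` would come from the `data` and `origin` properties of the `message` event received by the parent window.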
