requestStorageAccess errors on Chrome 124.0.6367.118 (Official Build) (64-bit)

[idc77]

Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

adapter/javascript

Describe the bug

I'm using a wrapper package for keycloak-js, and have reported this bug at their repo
dsb-norge/vue-keycloak-js#189

After successful login on Chrome 124.0.6367.118 (Official Build) (64-bit), I'm greeted with a blank page and

step1.html:1 requestStorageAccess: Must be handling a user gesture to use.
step1.html:1 requestStorageAccess: Permission denied.
keycloak-6hgMzNWr.js:1 Error: Failure during initialization of keycloak-js adapter
    at index-C1r_MQVe.js:35:2435
onInitError @ keycloak-6hgMzNWr.js:1

also the iss field keeps repeating

https://cooksbooks.de/#iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks

It doesn't matter if I have checkLoginIframe true or false.

When I refresh the page, I'm logged in.

On Firefox 125.0.3 (64-bit) this issue doesn't appear. I'm able to log in and there's nothing in the console.

Version

24.0.3

Regression

• The issue is a regression

Expected behavior

No error in Chrome's console and not see a blank page after successful login and not needing to manually refresh the browser.

Actual behavior

step1.html:1 requestStorageAccess: Must be handling a user gesture to use.
step1.html:1 requestStorageAccess: Permission denied.
keycloak-6hgMzNWr.js:1 Error: Failure during initialization of keycloak-js adapter
    at index-C1r_MQVe.js:35:2435
onInitError @ keycloak-6hgMzNWr.js:1

How to Reproduce?

Use Chrome 124.0.6367.118 (Official Build) (64-bit)
Try logging in with keycloak-js at a SPA

Anything else?

@dsb-norge/vue-keycloak-js uses keycloak-js v21.1.2, but I have v24.0.3 installed

I found https://developers.google.com/privacy-sandbox/3pcd/related-website-sets-integration

[idc77]

In fact now SPAs that worked before have the same issue and are seeing this blank page after successful login when ''check-sso' is set.

[jonkoops]

@dsb-norge/vue-keycloak-js uses keycloak-js v21.1.2, but I have v24.0.3 installed

We don't support that version, please use the latest version of Keycloak JS

[idc77]

but I have v24.0.3 installed

package.json has "keycloak-js": "24.0.3",
However I have now added

  "overrides": {
    "@dsb-norge/vue-keycloak-js": {
      "keycloak-js": "24.0.3"
    }
  }

and the issue has evolved.
I guess it still is the same issue, but I have since moved the keycloak instance to the same server the SPA is hosted on and now have a different issue regarding PWA vs SPA.
Idk if I should create a new issue.

I have 4 days left until Google Play Developer deletes my account for not publishing 1 app in 1 year...

[jonkoops]

Do you have a reproducible case without a 3rd party library? Please provide a minimal and reproducible example. If you need I have this project which can help you reproduce the issue.

[idc77]

No, what do you want me to do, create a blank page with keycloak-js and check-sso, why don't you have that already?

This library is a Vue wrapper that essentially takes keycloak-js and makes it reactive. (https://github.com/dsb-norge/vue-keycloak-js/blob/main/src/index.ts)
Look, if you don't want to take care of it, don't.
This issue will remain and won't get fixed and more people will have it.
For me that means keycloak is no longer usable for future projects.
I'll have to seek out a different oidc idp.
I worked around this issue by moving the keycloak instance to the same server the SPA is hosted on and mounting the local keycloak under /auth/, which leads to the PWA version having issues, "Timeout while connecting blah", the keycloak-js xhr fails 3 times on Chrome 4 times on Firefox.

I can no longer consider keycloak being production ready.

https://6s4.de is my testbed.
https://connect.icod.de is the keycloak instance's url.

You can log in and see it for yourself
username: user
password: keycloak-123456

1st you'll get an error about 'login required'.
Then you can refresh the page, and be logged in.
Then you'll see

Meanwhile I've upgraded to v24.0.4 and 6s4.de is using v24.0.4.

The 3rd party package splits off realm info to "config" but merges it later.

      init: {
        onLoad: 'check-sso',
        flow: 'standard',
        pkceMethod: 'S256',
        silentCheckSsoRedirectUri: window.location.origin + '/silent-check-sso.html',
        checkLoginIframe: false,
        scope: 'openid email profile roles',
      },
      config: {
        url: process.env.KEYCLOAK_URL,
        realm: process.env.KEYCLOAK_REALM,
        clientId: process.env.KEYCLOAK_CLIENTID
      },

[jonkoops]

No, what do you want me to do, create a blank page with keycloak-js and check-sso, why don't you have that already?

Such a project already exists, like the one I linked in my comment, you can fork that an use it to create a reproducible case.

I suggest you moderate your tone, as I am only trying to help you and as an open-source project we are in no manner obliged to help you. As you can see from our backlog we are chronically overloaded with work, so we do not have time to triage every issue, hence we ask you to put in a minimal effort to make things easier for all of us.

[keycloak-github-bot]

Thanks for reporting this issue, but there is insufficient information or lack of steps to reproduce.

Please provide additional details, otherwise this issue will be automatically closed within 14 days.

[keycloak-github-bot]

Due to lack of updates in the last 14 days this issue will be automatically closed.