
Keycloak infinite redirect

We are using Keycloak 2.3.0.Final and we are using the JavaScript adapter that is available at /auth/js/keycloak.js. The application that is using this adapter is a React+Redux application but that would not matter.

When we go through the auth process described in the docs, the initial authentication is a success. However, when the login-status-iframe.html tries to refresh the token, we get a 403 Forbidden. The exact URL it's using to refresh the token is /auth/realms/<customer-realm>/protocol/openid-c…id=web-portal&origin=http%3A%2F%2Flocalhost%3A8080&session_state=undefined. This causes a redirect again, again and again.

I'm assuming that this breaks because the session_state param is undefined, but sadly I cannot find any documentation on this subject.

How do I resolve this?

Ramon Gebben asked Nov 23 '16 09:11


2 Answers

I don't know if you ever found a solution, but I recently ran into this issue as well. In this issue thread, user djmason9's solution worked for me. Just add checkLoginIframe: false for the initOptions parameter.

Reuben Cassell answered Nov 03 '22 23:11
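
The workaround from this answer, written out as an added example (not code from the question, the answers, or the Keycloak project). Turning the iframe check off also turns off the adapter's detection of a logout that happens elsewhere, so this sketch refreshes the token on a timer and returns to the login page when a refresh is rejected. The helper names `buildInitOptions`, `settle` and `startAuth`, the `login-required` setting and the timing values are assumptions.

```javascript
// Added example; helper names and timing values are assumptions, not from the page.

// Options for keycloak.init(). checkLoginIframe: false stops the adapter from
// loading login-status-iframe.html, the request that returned 403 in the question.
function buildInitOptions(extra) {
  return Object.assign({ onLoad: 'login-required' }, extra || {}, { checkLoginIframe: false });
}

// Older adapters return an object with .success()/.error(); newer ones return
// a native Promise. Handle both.
function settle(result, onOk, onFail) {
  if (typeof result.then === 'function') {
    result.then(onOk, onFail);
  } else {
    result.success(onOk).error(onFail);
  }
}

// With the iframe check off, a logout in another tab or application is only
// noticed when a token refresh fails, so refresh on a timer and go back to the
// login page when the refresh is rejected.
function startAuth(keycloak, opts) {
  const o = Object.assign({
    minValiditySec: 30,   // refresh if the token expires within this window
    intervalMs: 10000,    // how often to check
    schedule: function (fn, ms) { return setInterval(fn, ms); }
  }, opts || {});

  settle(keycloak.init(buildInitOptions(o.init)), function (authenticated) {
    if (!authenticated) { return; }  // login-required: the adapter redirects itself
    o.schedule(function () {
      settle(keycloak.updateToken(o.minValiditySec), function () {}, function () {
        keycloak.login();
      });
    }, o.intervalMs);
  }, function () {
    console.error('Keycloak init failed');
  });
}

// Browser usage (assumes keycloak.js is loaded and `config` is your adapter config):
//   startAuth(new Keycloak(config));
```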



This almost certainly is happening because your router is in "hash" mode and using hashes for the routes. I haven't figured out how to get the Keycloak JavaScript adapter to work properly with hash-mode based routing, but at least you should know that's the issue you are up against. In Vue, you can set the router to "history" mode where it works without hashes, and that solves the problem. I am betting React has the same capability, as a workaround.

(I realize this question is old, but it is surfacing at the top of DuckDuckGo searches and the problem still exists in current versions of the JavaScript adapter, so I felt like it could use an answer.)

alfreema answered Nov 03 '22 23:11