Could we set the cookies on a domain and allow all subdomains? There seems to be no config for that.
Ex.: .my-domain.com*, so that any site on the same domain can access the cookies (not fixed to login.my-domain.com etc.)?
Right now the PKCE SPA redirects to KC and it responds with 302, keycloak js reads the session cookies and does a /token request.
I see AUTH_SESSION_ID, KC_AUTH_SESSION_HASH, KC_RESTART, KEYCLOAK_IDENTITY, KEYCLOAK_SESSION being set.
Keycloak-js cannot read or detect these cookies on page reload/refresh/load, so it redirects to the login page.
However, the cookies are present - when it makes a /token request to the kc domain, this one gets these cookies attached and it works.
Most of them are set as httpOnly but KEYCLOAK_SESSION is not.
But on page reload/refresh/load it can't check it since it's host-only for the subdomain.
I could not find any config, env flag to change the Domain behavior for cookies in Keycloak documentation.
And if it were accessible - can keycloak.js already check its presence (kcInstance?.authenticated / kcInstance.init response)?
If it could do a token request if KEYCLOAK_SESSION is present - it could prevent the redirect/silent check. If it fails, you get a fail event and do the login() call, otherwise it gets the token/refresh token.
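
The cookie scoping behind the behaviour described above, as an added example that is not part of the original post and not Keycloak or keycloak-js code: a simplified model of the RFC 6265 rules for host-only versus `Domain` cookies. The SPA host `app.my-domain.com`, the cookie values and the attribute sets are constructed; Path matching and public-suffix checks are left out.

```javascript
// RFC 6265 5.1.3 domain-match: host equals the domain or is a subdomain of it.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Turn a Set-Cookie header received from originHost into a stored cookie.
// Simplified: Path matching and public-suffix checks are left out.
function storeCookie(setCookie, originHost) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), domain: originHost,
                   hostOnly: true, httpOnly: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "httponly") cookie.httpOnly = true;
    if (key === "domain" && value !== "") {
      const d = value.replace(/^\./, "");
      if (!domainMatch(originHost, d)) return null; // foreign Domain is rejected
      Object.assign(cookie, { domain: d, hostOnly: false });
    }
  }
  return cookie;
}

// Would the browser attach this cookie to a request for requestHost?
function sentTo(cookie, requestHost) {
  return cookie.hostOnly ? requestHost === cookie.domain
                         : domainMatch(requestHost, cookie.domain);
}

// Would document.cookie on pageHost expose it? In scope and not HttpOnly.
function scriptReadable(cookie, pageHost) {
  return sentTo(cookie, pageHost) && !cookie.httpOnly;
}
const KC_HOST = "login.my-domain.com"; // Keycloak host named in the post
const SPA_HOST = "app.my-domain.com";  // assumed SPA host
// Constructed headers; HttpOnly flags follow the post's description.
const current = [
  "AUTH_SESSION_ID=constructed; Path=/; Secure; HttpOnly",
  "KEYCLOAK_IDENTITY=constructed; Path=/; Secure; HttpOnly",
  "KEYCLOAK_SESSION=constructed; Path=/; Secure",
].map((h) => storeCookie(h, KC_HOST));
// Hypothetical widened variant the post asks about.
const widened = storeCookie(
  "KEYCLOAK_SESSION=constructed; Domain=.my-domain.com; Path=/; Secure", KC_HOST);
for (const c of [...current, widened]) {
  console.log(c.name, c.hostOnly ? "host-only" : "Domain=" + c.domain,
    "-> /token:", sentTo(c, KC_HOST), "SPA script:", scriptReadable(c, SPA_HOST));
}
```

In this model the widened cookie is readable by script on every host under `my-domain.com`, so the session cookie's exposure becomes that of the least-trusted sibling subdomain.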