Login to Account Console produces two consecutive LOGIN events #40463

@thomasdarimont

Description

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

account/ui

Describe the bug

When an unauthenticated user logs in to the account console, Keycloak will generate two separate consecutive LOGIN events.

Version

26.2.5

Regression

  • The issue is a regression

Expected behavior

Keycloak should only generate one LOGIN event when an unauthenticated user performs a login for the account-console client.

Actual behavior

Keycloak generates two LOGIN events when an unauthenticated user performs a login for the account-console client.

How to Reproduce?

  1. Enable event storage
  2. Login to account-console
  3. Observe two LOGIN events created for the account-console.

Anything else?

In Keycloak versions before v26.1.0, only one LOGIN event was produced for the account-console.

This was caused by my change in this PR: #32686
This only affects the account-console, other clients produce only one LOGIN event.

The problem is that if we detect an unauthenticated user accessing the /account endpoint, we redirect the user to a generated authorize URL to spare the bootstrapping of the "heavy" React JS app, which would otherwise redirect the user.
The user now sees the login page and can authenticate. After successful authentication the user is sent back to the account console. This produces the first LOGIN event.
This time, we can detect the existing user session and then start to bootstrap the React JS app. The React JS app then performs the "real" auth code flow in the context of the already authenticated user session, which is then immediately redirected back to the account-console. This produces the second LOGIN event.

The following shows an example event sequence for a different OIDC client:
[Image 1: event sequence for a different OIDC client]
.. and here is an event sequence for the account-console:
[Image 2: event sequence for the account-console]

This leads to double counting of LOGIN events if users login to the account-console client.

I see the following options:

  1. somehow suppress the second "Event 2" shown in Image 2 for the account-console client
  2. handle the code-flow / token-management for the account-console on the account backend
  3. add additional event_details metadata about the LOGIN TYPE (e.g. interactive, session)
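Until the duplicate is fixed in Keycloak itself, anyone counting logins from the event store has to collapse the second event. The following is an added example (not part of the issue or the Keycloak code base) that reads events in the shape of Keycloak's event JSON and drops a repeated LOGIN for the same userId, sessionId and clientId that arrives within a short window; the sample events are constructed, and the window size and the assumption that both LOGIN events carry the same sessionId are mine.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of Keycloak event JSON (type, time in epoch
# milliseconds, realmId, clientId, userId, sessionId, details). Not real data.
SAMPLE_EVENTS = json.dumps([
    {"type": "LOGIN", "time": 1_000, "realmId": "demo", "clientId": "account-console",
     "userId": "u1", "sessionId": "s1", "details": {"auth_method": "openid-connect"}},
    {"type": "LOGIN", "time": 2_500, "realmId": "demo", "clientId": "account-console",
     "userId": "u1", "sessionId": "s1", "details": {"auth_method": "openid-connect"}},
    {"type": "CODE_TO_TOKEN", "time": 2_600, "realmId": "demo", "clientId": "account-console",
     "userId": "u1", "sessionId": "s1", "details": {}},
    {"type": "LOGIN", "time": 60_000, "realmId": "demo", "clientId": "my-app",
     "userId": "u1", "sessionId": "s1", "details": {"auth_method": "openid-connect"}},
    {"type": "LOGIN", "time": 90_000, "realmId": "demo", "clientId": "account-console",
     "userId": "u2", "sessionId": "s2", "details": {"auth_method": "openid-connect"}},
])

# Assumption: the redirect-driven second LOGIN lands within seconds of the first.
DEDUP_WINDOW_MS = 10_000


def collapse_duplicate_logins(events, window_ms=DEDUP_WINDOW_MS):
    """Drop a LOGIN that repeats (userId, sessionId, clientId) within window_ms of
    the previously kept LOGIN for that key. Other event types pass through."""
    kept = []
    last_login = {}  # (userId, sessionId, clientId) -> time of last kept LOGIN
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev.get("type") != "LOGIN":
            kept.append(ev)
            continue
        key = (ev.get("userId"), ev.get("sessionId"), ev.get("clientId"))
        prev = last_login.get(key)
        if prev is not None and ev["time"] - prev <= window_ms:
            continue  # same user session re-ran the code flow: count it once
        last_login[key] = ev["time"]
        kept.append(ev)
    return kept


def logins_per_client(events):
    """Count LOGIN events per clientId, e.g. for a login dashboard."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get("type") == "LOGIN":
            counts[ev.get("clientId")] += 1
    return dict(counts)


if __name__ == "__main__":
    raw = json.loads(SAMPLE_EVENTS)
    print("raw:      ", logins_per_client(raw))
    print("collapsed:", logins_per_client(collapse_duplicate_logins(raw)))
```

The trade-off is that a genuine second login to the same client from the same SSO session inside the window is collapsed too, so keep the window short and apply it only to the affected client if that matters for your metrics.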
