Use back keycloak-js instead of initiate login in the backend for account #42035
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jonkoops
reviewed
Aug 21, 2025
…ount Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]>
jonkoops
approved these changes
Aug 26, 2025
Contributor
|
@rmartinc I am moving this out of draft in your absence, I agree with the approach here. I'll have some other reviewers check this out as well. |
pedroigor
approved these changes
Aug 26, 2025
Contributor
pedroigor
left a comment
There was a problem hiding this comment.
I agree about the mess. The discussions at that time were basically changing UIs vs backend, whereas the UI was, in theory, too hard to change in order to avoid rendering the React app when users are not yet authenticated.
If we are still handling errors properly and the spinner is shown instead of initing the React app, LGTM.
rmartinc
added a commit
to rmartinc/keycloak
that referenced
this pull request
Sep 8, 2025
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
rmartinc
added a commit
to rmartinc/keycloak
that referenced
this pull request
Sep 8, 2025
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
rmartinc
added a commit
to rmartinc/keycloak
that referenced
this pull request
Sep 8, 2025
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
mposolda
pushed a commit
that referenced
this pull request
Sep 8, 2025
…ount (#42035) Closes #40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
mposolda
pushed a commit
that referenced
this pull request
Sep 9, 2025
…ount (#42035) Closes #40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
rmartinc
added a commit
to rmartinc/keycloak
that referenced
this pull request
Sep 17, 2025
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
rmartinc
added a commit
to rmartinc/keycloak
that referenced
this pull request
Sep 17, 2025
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
rmartinc
added a commit
to rmartinc/keycloak
that referenced
this pull request
Sep 17, 2025
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
rmartinc
added a commit
to rmartinc/keycloak
that referenced
this pull request
Oct 29, 2025
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
PeterGFernandez
pushed a commit
to PeterGFernandez/keycloak
that referenced
this pull request
Jan 19, 2026
…ount (keycloak#42035) Closes keycloak#40463 Signed-off-by: rmartinc <[email protected]> (cherry picked from commit 360ff70)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #40463
After checking this I think the only way of doing this OK without changing things a lot is going back and use
keycloak-jsnormally again. If I understood this correctly, the initial issue #31469 was reported because the console was displayed empty, and the login was requested later when the login was required for the first request (401). This PR does the following:keycloak-jsto login again (automatically now because cookies are in place), but it was a second round-trip in events. The JS part cannot use the state or code verifier generated by the backend. It makes no sense.ui-sharedalways initiates the login if not already authenticated. This way nothing is displayed (just thespinner) and if the redirect is needed, from the spinner you go to the login page. Nothing is shown except the spinner if you are not logged in. The shared part is used for both consoles (admin and account).keycloak-jsis used we need a real browse (firefox or chrome) to execute the JS needed to login. I have changed those tests to use other thing instead of the account console.AccountConsoleTestis the only test that really checks the account functionality This one is moved to theformspackage to be used with firefox and chrome. The scopes are correctly respected. The only little difference is that thekeycloak-jsalways addsopenid, but I think that this is OK.error_descriptionreturned. The only error accepted now is a JSErroror theerrorgenerated byekeycloak-js. As theerroris standard I have provided the translations for it, and only the standard errors are displayed. Other unknown error uses always the same message.It's a draft for now. Because maybe you see another approach (but I really don't see anything better than this).