keycloak-angular: Infinite Loop with url params after redirection from keycloak server
Versions.
The versions for the keycloak angular and the keycloak-js are given below.
Angular version - 8.2.4 keycloak-angular - 7.2.0 keycloak-js - 10.0.1
Repro steps.
After configuring the keycloak as given in the documentation, the site is redirecting to the keycloak page and shows login page. But once logged in, it redirects back to the application and causes infinite redirection loop with url parameters. The redirection flow is given below.
- The angular application redirects to keycloak.
- Keycloak after authentication redirects back to angular application with session_state, and code values as url parameters.
http://localhost:5000/?state=e3eb1104-4e49-4f35-8277-7a02d10a7ec1&session_state=99826a89-eb5d-48a8-a73c-76cd9b007401&code=85a45a70-f647-4bec-984e-389e410d5757.99826a89-eb5d-48a8-a73c-76cd9b007401.93de3ba7-4a58-418e-893f-8340217592fb
3. The angular application then redirects to root url
http://localhost:5000
- Once the root url is loaded, the login redirect is triggered to keycloak. And the process repeats again.
I tried to debug this issue. But the redirection seems to happen within keycloak library, and the application code seems to have no control over it.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 18 (1 by maintainers)
For me, it was solved by setting initialNavigation to “enabledNonBlocking” in the parameters of the router module (it was set to “enabledBlocking”).
The only problem is that “enabledBlocking” is required for the server side rendering to work
I had this issue too. We later found out that the reason behind it was incorrectly set up keycloak. Add * in weborigins of your realm settings. It solves this issue.
I hope that this works for you too. If not try the solutions above.
Ok. This here works without the infinite Redirect. BUT, it does not work when navigating into the page via angular router. only on direct access via url. It tells me, that the service does not wait for the onReady event before returning authenticated for the first time.
@twopelu I can confirm that it is some race condition. It is quite simple to prove.
You will see that isLoggedIn() returns false first. After the 1 second delay it becomes true. This should be solvable.
But anyway, the guard should return false in case of not authenticated user.