Keycloak: Session cookies are missing within the token request with the new Chrome SameSite/Secure cookie enforcement

天命终不由人 2021-02-09 04:31

Recently my application using Keycloak stopped working with a 400 token request after authenticating.

What I found so far is that within the token request, the Keycloak

2 answers
  • 2021-02-09 04:43

    If you are facing this issue while using the keycloak-js adapter, then the reason for this issue is:

    By default, the JavaScript adapter creates a hidden iframe that is used to detect if a Single-Sign Out has occurred. This does not require any network traffic; instead, the status is retrieved by looking at a special status cookie.

    Workaround (Not a fix):

    This feature can be disabled by setting checkLoginIframe: false in the options passed to the init method.

    e.g.,

    keycloak.init({ onLoad: 'login-required', checkLoginIframe: false })

  • 2021-02-09 04:43

    For those who are looking for a short-term solution until they update their libraries.

    You can do the following in Chrome:

    • Go to chrome://flags/
    • Search for "Samesite"
    • Disable "SameSite by default cookies" and "Cookies without SameSite must be secure" flags.
    • Relaunch.
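The two Chrome rules behind the flags named in the second answer ("SameSite by default cookies" and "Cookies without SameSite must be secure"), modelled as an added example that is not part of the original answers or of Keycloak's code. It audits `Set-Cookie` headers and reports whether each cookie would be available in a cross-site subrequest such as the hidden status iframe; the cookie names, paths and values are constructed samples.

```javascript
// Added example. Cookie names, paths and values are constructed samples.
const SAMPLE_HEADERS = [
  'KEYCLOAK_SESSION=demo/user/sess; Path=/auth/realms/demo/; Max-Age=36000',
  'KEYCLOAK_IDENTITY=abc123; Path=/auth/realms/demo/; HttpOnly; SameSite=None',
  'KEYCLOAK_SESSION=demo/user/sess; Path=/auth/realms/demo/; SameSite=None; Secure',
];

// Parse one Set-Cookie header value into { name, sameSite, secure }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.split('=')[0], sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Verdict for a cross-site subrequest (iframe, XHR or fetch from another site).
function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  // Rule 1: a missing or unrecognised SameSite attribute is treated as Lax.
  const known = ['none', 'lax', 'strict'];
  const effective = known.includes(c.sameSite) ? c.sameSite : 'lax';
  // Rule 2: SameSite=None without Secure is rejected when the cookie is set.
  if (effective === 'none' && !c.secure) return 'rejected';
  // Lax and Strict cookies are stored but not attached to cross-site subrequests.
  return effective === 'none' ? 'sent' : 'withheld';
}

// Audit a list of Set-Cookie header values.
function auditCookies(headers) {
  return headers.map((h) => ({
    name: parseSetCookie(h).name,
    verdict: crossSiteVerdict(h),
  }));
}

console.log(auditCookies(SAMPLE_HEADERS));
```

Only the third sample, which carries both `SameSite=None` and `Secure`, survives in a cross-site context; that attribute pair is what to check for on the server's `Set-Cookie` headers.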