Issuer is appended to URL after login redirect using Keycloak. #1415

Open
devl-up opened this issue Jun 12, 2024 · 1 comment

devl-up commented Jun 12, 2024

Hello.

After logging in and getting redirected to my app, the issuer URL is appended to my URL

image

This is my setup

bootstrapping the service

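```typescript
import { APP_INITIALIZER, ApplicationConfig, provideZoneChangeDetection } from '@angular/core';
import { provideHttpClient } from '@angular/common/http';
import { provideRouter } from '@angular/router';
import { AuthConfig, OAuthService, provideOAuthClient } from 'angular-oauth2-oidc';
// `routes` is the application's own route array, defined elsewhere in the project.

const authConfig: AuthConfig = {
  issuer: 'https://localhost:8443/realms/poc-dev-realm',
  redirectUri: window.location.origin,
  clientId: 'poc-dev-client',
  responseType: 'code',
  scope: 'openid profile email offline_access',
  oidc: true,
};

// APP_INITIALIZER factory: configure the client, then process a pending login callback.
const initializeAuthentication = (oauthService: OAuthService) => () => {
  oauthService.configure(authConfig);
  oauthService.setStorage(sessionStorage);
  return oauthService.loadDiscoveryDocumentAndTryLogin();
};

export const appConfig: ApplicationConfig = {
  providers: [
    provideZoneChangeDetection({ eventCoalescing: true }),
    provideRouter(routes),
    provideHttpClient(),
    provideOAuthClient(),
    {
      provide: APP_INITIALIZER,
      useFactory: initializeAuthentication,
      multi: true,
      deps: [OAuthService]
    }
  ]
};
```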

And just to test, I have a login/logout button in my root component

```typescript
import { Component, inject } from '@angular/core';
import { RouterOutlet } from '@angular/router';
import { OAuthService } from 'angular-oauth2-oidc';

@Component({
  selector: 'app-root',
  standalone: true,
  imports: [RouterOutlet],
  template: `
    <h1>Hello, {{email?? "Stranger"}}!</h1>
    <button (click)="login()">Login</button>
    <button (click)="logout()">Logout</button>
    <router-outlet></router-outlet>
  `,
  styles: [],
})
export class AppComponent {
  private readonly oauthService = inject(OAuthService);

  // Email claim from the ID token, or null when nobody is logged in.
  public get email() {
    const claims = this.oauthService.getIdentityClaims();
    if (!claims) return null;
    return claims["email"];
  }

  public login() {
    this.oauthService.initLoginFlow();
  }

  public logout() {
    this.oauthService.logOut();
  }
}
```

I checked my Keycloak terminal logs and don't see it anywhere there

response_type="code", redirect_uri="http://localhost:4200", redirected_to_client="true", response_mode="query"

As for my Keycloak client settings, pretty standard too.

image

Thanks a lot!

@aaronclawrence

This is not actually appended, it's a modified form of the callback with most of the query string stripped out, which the library replaces for "security" reasons (?). See the setting:
```typescript
/**
 * Normally, you want to clear your hash fragment after
 * the lib read the token(s) so that they are not displayed
 * anymore in the url. If not, set this to true. For code flow
 * this controls removing query string values.
 */
preventClearHashAfterLogin? = false;
```
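
As an added illustration (not code from this issue or from the library): a sketch of cleaning a code-flow callback URL, assuming the value left in the address bar is the `iss` authorization response parameter (RFC 9207) carrying the issuer. `cleanCallbackUrl`, `RESPONSE_PARAMS` and the sample `code`/`state` values are hypothetical and constructed; the issuer and redirect URI are the ones from the setup above.

```typescript
// Added example. Helper names and sample values are hypothetical/constructed.
// Parameters an authorization server may put on a code-flow callback;
// `iss` is the RFC 9207 issuer identifier (assumed to be the leftover value).
const RESPONSE_PARAMS = ['code', 'state', 'session_state', 'iss'];

type IssuerCheck = 'match' | 'mismatch' | 'absent';

interface CleanedCallback {
  cleanedUrl: string;   // URL without authorization response parameters
  issuer: IssuerCheck;  // comparison of `iss` with the configured issuer
  removed: string[];    // names of the parameters that were stripped
}

function cleanCallbackUrl(href: string, expectedIssuer: string): CleanedCallback {
  const url = new URL(href);
  const iss = url.searchParams.get('iss');
  // RFC 9207 requires simple string comparison, so a trailing slash is a mismatch.
  const issuer: IssuerCheck =
    iss === null ? 'absent' : iss === expectedIssuer ? 'match' : 'mismatch';

  const removed: string[] = [];
  for (const name of RESPONSE_PARAMS) {
    if (url.searchParams.has(name)) {
      url.searchParams.delete(name);
      removed.push(name);
    }
  }
  // Application parameters (e.g. ?tab=open) survive; an empty query is dropped.
  return { cleanedUrl: url.toString(), issuer, removed };
}

// Constructed callback, using the issuer and redirect URI from the setup above.
const ISSUER = 'https://localhost:8443/realms/poc-dev-realm';
const sampleCallback =
  'http://localhost:4200/?tab=open&state=c3RhdGU&session_state=1234' +
  '&iss=' + encodeURIComponent(ISSUER) + '&code=abcd.efgh';

const result = cleanCallbackUrl(sampleCallback, ISSUER);
// In the browser, a 'match' result would be followed by
// history.replaceState(null, '', result.cleanedUrl); a 'mismatch' should abort the login.
console.log(result);
```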
