We use Keycloak 2.3.0.Final , and we use the Javascript adapter available at /auth/js/keycloak.js. An application using this adapter is a React + Redux application, but it does not matter.
When we go through the auth process described in docs , the initial authentication is successful, however, when we login-status-iframe.htmltry to update the token, we get Deny 403. The exact URL used to update the token /auth/realms/<customer-realm>/protocol/openid-c…id=web-portal&origin=http%3A%2F%2Flocalhost%3A8080&session_state=undefined. This causes redirection over and over again.
I assume this breaks because session_stateparam undefined, but unfortunately I can not find the documentation on this.
How to resolve this?
source
share