Keycloak: AngularJS app logs out whenever I refresh the page? - angularjs

I'm using Keycloak in my AngularJS app for login and it's working fine.
But after logging in to the application, whenever a user does a page refresh (F5), the application logs out and shows the login page to the user.
Can someone please let me know what can be the cause of this issue?

I found where the issue is; please find the attached screenshot.
So I checked the Keycloak documentation, and they wrote:
The next execution is a subflow called Forms. Since this subflow is
marked as alternative it will not be executed if the Cookie
authentication type passed. This subflow contains additional
authentication type that needs to be executed. The executions for this
subflow are loaded and the same processing logic occurs
So, considering the above documented statement, I made changes in the Keycloak server as well, and it worked.

Related

Salesforce digital experience page is sometimes requiring authentication for access even though the guest user has access

I'm not posting any code, but can if anyone believes it's relevant. But the symptoms don't seem to point to the page or the code.
We have configured a Digital Experience. For the experience, we have created a single Visualforce page. The guest profile has been given access to the page and the page's controller. We have assigned that page as the "Active Site Homepage". The site will work as planned, meaning that when going to the base site URL or directly to the page, it will load without authentication. After a given amount of time (which we are not sure how long at this point) of the site not being accessed, when attempting to access the site, it will require authentication.
When that happens we try to troubleshoot. For example, I commented out some of the code on the page that was loading a Visualforce component. Tried loading the page, but it still took me to the login page. So I removed my comments, setting the page back to normal. Suddenly the page starts working and is accessible to everyone, from any location. Even for people who have never logged into the backend org. The page will continue to work for the rest of the day. The next morning we are back to square 1 and the site is requiring authentication.
I thought maybe it was the proxy caching by Salesforce, so I told everyone to stay out of the experience and waited 30 minutes. Since Salesforce says the caching is 10 minutes. But when I went to the page it worked without requiring authentication and I'm pretty sure that tomorrow morning it will start asking for authentication again.
The biggest issue is that we can't seem to troubleshoot. I will make a change to try and see what is happening and sometimes that change will cause the page to work, but then immediately reversing that change doesn't cause the page to break.
Has anyone else experienced this behavior before?
Interesting.
You might have more luck posting in dedicated https://salesforce.stackexchange.com/
Have you tried attaching debug logs? You can find the special {site name} guest user in the lookup and put debugging on for 24h, maybe it'll catch something. Is there any fancy JavaScript on the page that might be causing redirects, lazy loading of some images that might need authentication? Is there a LiveAgent embedded in the community?
Put up as simple a version of the page as you can and inspect the generated HTML. Maybe you're using spyware... sorry, analytics / tracking scripts like Google Tag Manager or Adobe's?
Have you tried browsing with browser's console open (typically F12), maybe you'll catch something weird in Network tab that fails and redirects you to login page. Can you reliably reproduce it in incognito / inprivate / etc mode? Maybe something with cookies?

Oauth 2 pop-up window appears blank after logging in

I have a React application which integrates with Quickbooks. The OAuth2.0 flow works most of the time, but for certain accounts the flow will, after logging in with username/password, present a totally blank window. It should present at that point the approval step to grant access to the service (my application).
Does anyone know what the cause may be here? If the error is on Intuit's side, is there any form of remediation?
Again, this is working with other people's production quickbooks accounts... it is only seemingly random ones that will get stuck on the blank page so that they can not authorize the app for Quickbooks.
An example of the URL we send users to is:
https://appcenter.intuit.com/app/connect/oauth2/authorize?client_id=OCLba5bC6aabduQapuVKZKzv0j3bAuYHLbkLM8yB0E7um4ieQV&redirect_uri=https://app.example.com/oauth-redirect&response_type=code&scope=com.intuit.quickbooks.accounting%20openid%20profile%20email%20phone%20address&state=quickbooks-9bptP0PAA1jcZ3LcpzkRZp1tKOyi0pm8HrZeXxqc

Looking for an Ionic app that works in offline mode (i.e. without internet)

I have an Ionic 1 (AngularJS) app which doesn't work offline. On first launch the user creates an account and logs in, and the next time he opens the app he is already logged in.
The scenario I am looking for is an offline mode (that is, without an internet connection). Here, if the user is not connected to the internet, he's not allowed to explore the app; I want to let the user explore the app even without an internet connection, with the credentials already logged in.
A lot of resources suggest using localStorage, but I can't find any relevant resources regarding the same.
I have spent hours reading and testing different approaches but am even more confused than ever. It seems to me such an important feature of a hybrid app that there should be a good implementation... Would appreciate any help/suggestions/examples/links...
My ultimate goal would be that, once authorized, the user can access and manipulate his profile data even in offline mode. That means that opening the app already logs him in and his profile info is stored as well.
My minimum viable goal would be that when app is opened app recognizes user, checks as logged in, redirects to logged in state and makes http to get all user details. While user is waiting for that response there are loading spinners but he can start to use logged in app experience.
Your connection windows is controlling your App. So based on this, you can easily make a checknetwork function to make it check if you want.
If this function returns "false", then you bypass the login only if the user has already logged in.
On your provider for the LogPage, you should control this kind of thing with shared values such as
let isOnceConnected: boolean;
Hope this helps.
Bro, just store the token generated by the server, or the user data, in local storage. If the user is in local storage, then redirect the page; otherwise send them to the login page.
local storage like
to set =>
localStorage.setItem('auth-token', JSON.stringify(access_token));
to get =>
JSON.parse(localStorage.getItem('auth-token'));
Also, you can use Storage plugins to store any data.

How should handle users logout use case when multiple browser tabs are opened

I am using angular-oauth2-oidc with Identity Server 4.
Users need to Login via OpenId Connect Implicit Flow. My Id and Access token are stored in the web browser localStorage.
When user opens multiple browser tabs and then user logs out from one of the tabs, how should I handle rest of the tabs?
I have tried to catch session_terminated events, and then try to log the user out. However, it does not redirect the user back to the login page.
this.oauthService.events.filter(e => e.type === 'session_terminated')
  .subscribe(e => { this.oauthService.logout(); })
Any suggestions? Thanks.
Interesting. It was on my to do list to see how this works with the library anyways.
I had already created a dedicated playground example repo that was perfect for testing this. What I found was that there are two distinct scenarios:
The user goes to the IdentityServer themselves, and clicks log out
The user does a Single Sign Out via our own app
Only in the first scenario do you get a session_terminated event. In the second scenario (which you seem to have) you get a session_error event in the second tab because the first tab:
Clears your stored tokens
Redirects you to the log out page (where you still have to click log out)
You can see as much in these screencaptures:
Scenario 1: log out explicitly in a third tab
Scenario 2: log out from the app
So I think your solution is to also hook into session_error, or something similar.
Footnote: thinking some more about the above, I reckon that other workarounds might also be possible by listening to localStorage events, and notice when the access_token is being cleared by another tab.
This is what the OIDC session management spec is all about. You can be notified on the client side when their IDP session changes/ends and then react accordingly.
http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
Works well, doesn't have any network overhead and gives you full control over what to do when the condition is detected.
I've experienced a similar issue: using angular-oauth2-oidc with default storage (sessionStorage) leads to the behavior that if a user opens a new Tab (Tab B), he is being logged-in again with a new Token. When he logs-out on Tab A, the token stored in sessionStorage of Tab B is still there, of course.
Using localStorage has the disadvantage that the token is persisted even if the browser is closed (kinda "keep me logged in").
What I've done to overcome this is using an own OAuthStorage that internally uses sessionStorage but if the user logs out, it sends an event to all other open Browser-Tabs and triggers a clearing up of the session-storages there.
See the according gist
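You can check if access_token is invalid in localStorage or sessionStorage
// HostListener is imported from '@angular/core'
@HostListener('window:storage', ['$event'])
onStorageChange(e) {
  // only react to localStorage changes made by other tabs
  if (e.storageArea === localStorage) {
    // the token was removed elsewhere and this tab no longer holds a valid one
    if (e.key === 'access_token' && !e.newValue && !this.oauthService.hasValidAccessToken()) {
      this.authTokenService.logout();
    }
  }
}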
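The localStorage-event approach from the footnote and the last answer above, as an added example that is not part of any answer in the thread: a framework-free handler that logs a tab out when another tab removes the token. The `makeBrowser` tab simulation and all function names are constructed for illustration so the block runs in Node; in a page, pass `window` and `localStorage` instead.

```javascript
// Assumption: the token lives under 'access_token', as in the last answer above.
const TOKEN_KEY = 'access_token';

// True when a 'storage' event shows that another tab removed the token.
function isRemoteLogout(event, storage, tokenKey = TOKEN_KEY) {
  if (event.storageArea !== storage) return false; // e.g. sessionStorage event
  // key === null is what browsers send when another tab calls storage.clear()
  if (event.key !== null && event.key !== tokenKey) return false;
  return !event.newValue && !storage.getItem(tokenKey);
}

// Subscribe one tab; returns an unsubscribe function for component teardown.
function watchForRemoteLogout(win, storage, onLogout) {
  const handler = (e) => { if (isRemoteLogout(e, storage)) onLogout(); };
  win.addEventListener('storage', handler);
  return () => win.removeEventListener('storage', handler);
}

// Constructed stand-in for a browser: a write raises 'storage' in every OTHER tab only.
function makeBrowser() {
  const data = new Map(), tabs = [];
  return function openTab() {
    const tab = { win: new EventTarget(), storage: null };
    const change = (key, newValue) => {
      const oldValue = data.has(key) ? data.get(key) : null;
      if (newValue === null) data.delete(key); else data.set(key, newValue);
      for (const other of tabs) {
        if (other === tab) continue; // the writing tab gets no event
        other.win.dispatchEvent(Object.assign(new Event('storage'),
          { key, oldValue, newValue, storageArea: other.storage }));
      }
    };
    tab.storage = {
      getItem: (k) => (data.has(k) ? data.get(k) : null),
      setItem: (k, v) => change(k, String(v)),
      removeItem: (k) => change(k, null),
    };
    tabs.push(tab);
    return tab;
  };
}

function demo() {
  const openTab = makeBrowser();
  const a = openTab(), b = openTab(), log = [];
  watchForRemoteLogout(b.win, b.storage, () => log.push('tab B: go to login'));
  a.storage.setItem(TOKEN_KEY, 'constructed-token'); // login in tab A
  a.storage.removeItem('theme');                     // unrelated key: ignored
  a.storage.removeItem(TOKEN_KEY);                   // logout in tab A
  return log;
}
```

The handler only covers tabs that share the same storage area; with sessionStorage each tab has its own copy, which is why the answer above broadcasts an explicit event instead.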

Log out with Facebook Connect in a Cakephp app

I want to include Facebook Connect in a Cakephp app that I'm working on. Right now, I'm trying to implement auto-login with Facebook Connect. I'm able to start a new login session by writing stuff to $this->Session whenever a user's Facebook Connect status is "connected", so I've got the first half of the feature working. The problem comes when the user tries to log off. Like The Run Around demo app, I've got a link like this:
<a onclick="FB.Connect.logout(redirect_to_logout_action)">log out</a>
The logout action clears the login session variable, but on the next page, the user is still logged in to my site, but not Facebook. The user can log out of my site if he hits the log out link again, so I'm thinking that when he first tries to do this, he gets a new login session on my site, because facebook_client()->get_loggedin_user() is still returning something. Am I doing something wrong here? I thought when my server got the logout request that the Facebook cookies would be cleared by FB.Connect.logout :?
Have your javascript first do:
FB.Connect.logout
Then
location.href="/logout.php";
And on logout.php have
session_destroy();
session_start();
As abales said, I would ensure that whatever logout action is being redirected to calls the following method against the CakePHP Session component:
$this->Session->destroy();
That should eliminate the Cake/PHP session. After that, redirect to whatever controller+action is appropriate for a user that isn't logged in.
allyourcode,
I had similar issues in an app I built several months ago. We were using the Facebook component (like the one found here: http://savarino.net/facebook-cakephp).
If I recall correctly, we ended up building a logout method that looked something like this:
$logout_url = $this->Facebook->facebook->get_logout_url('http://' . $_SERVER['SERVER_NAME'] . $this->webroot);
try {
    $this->Facebook->facebook->expire_session();
} catch (Exception $e) {
    $this->Facebook->facebook->set_user(null, null);
    $this->Facebook->facebook->clear_cookie_state();
}
$this->redirect($logout_url);
I'm sorry I cannot be more specific. It's been several months since I've been back inside that app (and several projects since then) but, hopefully this will point you in the right direction.
Seth
