keycloak-uncached
Changes
adapters/oidc/js/src/main/resources/keycloak.js 31(+15 -16)
Details
adapters/oidc/js/src/main/resources/keycloak.js 31(+15 -16)
diff --git a/adapters/oidc/js/src/main/resources/keycloak.js b/adapters/oidc/js/src/main/resources/keycloak.js
index f0cae42..2def1e2 100755
--- a/adapters/oidc/js/src/main/resources/keycloak.js
+++ b/adapters/oidc/js/src/main/resources/keycloak.js
@@ -87,6 +87,10 @@
}
kc.flow = initOptions.flow;
}
+
+ if (initOptions.timeSkew != null) {
+ kc.timeSkew = initOptions.timeSkew;
+ }
}
if (!kc.responseMode) {
@@ -162,12 +166,8 @@
kc.onAuthSuccess && kc.onAuthSuccess();
initPromise.setSuccess();
}).error(function () {
- kc.onAuthError && kc.onAuthError();
- if (initOptions.onLoad) {
- onLoad();
- } else {
- initPromise.setError();
- }
+ setToken(null, null, null);
+ initPromise.setSuccess();
});
});
} else {
@@ -369,6 +369,11 @@
throw 'Not authenticated';
}
+ if (kc.timeSkew == null) {
+ console.info('[KEYCLOAK] Unable to determine if token is expired as timeskew is not set');
+ return true;
+ }
+
var expiresIn = kc.tokenParsed['exp'] - Math.ceil(new Date().getTime() / 1000) + kc.timeSkew;
if (minValidity) {
expiresIn -= minValidity;
@@ -653,12 +658,7 @@
if (token) {
kc.token = token;
kc.tokenParsed = decodeToken(token);
-
- var sessionId = kc.realm + '/' + kc.tokenParsed.sub;
- if (kc.tokenParsed.session_state) {
- sessionId = sessionId + '/' + kc.tokenParsed.session_state;
- }
- kc.sessionId = sessionId;
+ kc.sessionId = kc.tokenParsed.session_state;
kc.authenticated = true;
kc.subject = kc.tokenParsed.sub;
kc.realmAccess = kc.tokenParsed.realm_access;
@@ -666,6 +666,9 @@
if (timeLocal) {
kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat;
+ }
+
+ if (kc.timeSkew != null) {
console.info('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds');
if (kc.onTokenExpired) {
@@ -677,11 +680,7 @@
kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn);
}
}
- } else {
- kc.updateToken(-1);
}
- } else if (refreshToken) {
- kc.updateToken(-1);
} else {
delete kc.token;
delete kc.tokenParsed;
diff --git a/adapters/oidc/js/src/main/resources/login-status-iframe.html b/adapters/oidc/js/src/main/resources/login-status-iframe.html
index f941663..b1012f7 100755
--- a/adapters/oidc/js/src/main/resources/login-status-iframe.html
+++ b/adapters/oidc/js/src/main/resources/login-status-iframe.html
@@ -53,7 +53,8 @@
req.send();
} else {
if (clientId === init.clientId && origin === init.origin) {
- if (sessionState === cookie) {
+ var c = cookie.split('/');
+ if (sessionState === c[2]) {
callback('unchanged');
} else {
callback('changed');
@@ -81,7 +82,7 @@
var origin = event.origin;
var data = event.data.split(' ');
if (data.length != 2) {
- event.source.postMessage('error', origin);
+ return;
}
var clientId = data[0];