Automatically logged out after logged in with Keycloak OIDC #86
Description
I configured OIDC with Keycloak in my Readflow instance and created a Keycloak client with "Client Authentication = Off", means that I only need my client-id in Readflow. The login itself works as expected and I got redirected to my Readflow "homepage", but after that I got automatically logged out after a few seconds. I'm not sure if this is a Keycloak or Readflow issue..
I'm on the following environment:
- Debian 12 Bookworm
- Brave Version 1.75.180 Chromium: 133.0.6943.126 (Official Build) (64-bit)
- Docker version 28.0.0, build f9ced58
- Readflow "edge"
- Keycloak 26.1.2
- Traefik as reverse proxy for TLS termination
Readflow environment variables:
READFLOW_DATABASE_URI: postgres://readflow:readflow@postgres/readflow?sslmode=disable
READFLOW_HTTP_PUBLIC_URL: https://readflow.myhost.com
READFLOW_UI_PUBLIC_URL: https://readflow.myhost.com
READFLOW_AUTHN_METHOD: oidc
READFLOW_AUTHN_OIDC_ISSUER: https://login.myhost.com/auth/realms/master
READFLOW_UI_CLIENT_ID: readflowBrave browser console output:
Navigated to https://readflow.myhost.com/
logout:2 exectuting login flow
logout:2 user not authenticated, redirecting to sign-in page...
Navigated to https://readflow.myhost.com/login?state=myState&session_state=mySessionState&iss=https%3A%2F%2Flogin.myhost.com%2Fauth%2Frealms%2Fmaster&code=myCode
AuthProvider.tsx:92 exectuting login flow
AuthProvider.tsx:55 callback from Authority server: sign in...
useTheme.ts:30 applying auto theme
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
VM41 main.fbf0a4b0.js:2 exectuting login flow
VM41 main.fbf0a4b0.js:2 error callback from Authority server: login_required
(anonymous) @ VM41 main.fbf0a4b0.js:2
d @ VM41 main.fbf0a4b0.js:2
(anonymous) @ VM41 main.fbf0a4b0.js:2
(anonymous) @ VM41 main.fbf0a4b0.js:2
r @ VM41 main.fbf0a4b0.js:2
s @ VM41 main.fbf0a4b0.js:2
(anonymous) @ VM41 main.fbf0a4b0.js:2
(anonymous) @ VM41 main.fbf0a4b0.js:2
(anonymous) @ VM41 main.fbf0a4b0.js:2
rl @ VM41 main.fbf0a4b0.js:2
yc @ VM41 main.fbf0a4b0.js:2
(anonymous) @ VM41 main.fbf0a4b0.js:2
y @ VM41 main.fbf0a4b0.js:2
w @ VM41 main.fbf0a4b0.js:2
VM58 main.fbf0a4b0.js:2 exectuting login flow
VM58 main.fbf0a4b0.js:2 error callback from Authority server: login_required
(anonymous) @ VM58 main.fbf0a4b0.js:2
d @ VM58 main.fbf0a4b0.js:2
(anonymous) @ VM58 main.fbf0a4b0.js:2
(anonymous) @ VM58 main.fbf0a4b0.js:2
r @ VM58 main.fbf0a4b0.js:2
s @ VM58 main.fbf0a4b0.js:2
(anonymous) @ VM58 main.fbf0a4b0.js:2
(anonymous) @ VM58 main.fbf0a4b0.js:2
(anonymous) @ VM58 main.fbf0a4b0.js:2
rl @ VM58 main.fbf0a4b0.js:2
yc @ VM58 main.fbf0a4b0.js:2
(anonymous) @ VM58 main.fbf0a4b0.js:2
y @ VM58 main.fbf0a4b0.js:2
w @ VM58 main.fbf0a4b0.js:2
AuthProvider.tsx:92 exectuting login flow
AuthProvider.tsx:49 error callback from Authority server: login_required
(anonymous) @ AuthProvider.tsx:49
d @ regeneratorRuntime.js:72
(anonymous) @ regeneratorRuntime.js:55
(anonymous) @ regeneratorRuntime.js:97
r @ asyncToGenerator.js:3
s @ asyncToGenerator.js:22
(anonymous) @ asyncToGenerator.js:27
(anonymous) @ asyncToGenerator.js:19
(anonymous) @ AuthProvider.tsx:93
rl @ react-dom.production.min.js:244
yc @ react-dom.production.min.js:286
(anonymous) @ react-dom.production.min.js:282
y @ scheduler.production.min.js:13
w @ scheduler.production.min.js:14
user signed out from Authority server: sign out...
Navigated to https://login.myhost.com/auth/realms/master/protocol/openid-connect/logout