vue-keycloak-js icon indicating copy to clipboard operation
vue-keycloak-js copied to clipboard

Published 20 hours ago verified publisher icon dsb-norge

redirect_uri with keycloak 18 causes an error

Open d-koppenhagen opened this issue 2 years ago • 12 comments

Using @https://github.com/[email protected] with keycloak 18 will produce an error when trying to logout:

invalid param redirect_uri

The Breaking Change in Keycloak is described in the Release Notes - Section "Migration from 17.0 -> OpenID Connect Logout".

The problem can be fixed by updating keycloak-js to version 18.0.0.

d-koppenhagen avatar May 16 '22 10:05 d-koppenhagen

As previously mentioned in other issues we are keeping keycloak-js at the current version because of redhat-sso using said version. So it won't be updated until there is a redhat-sso version with corresponding keycloak version.

In the release notes you linked there is also a way to make redirect_uri work with 18+ versions of keycloak



There is a backwards compatibility option, which allows your application to still use the old format of the redirect_uri parameter.

You can enable this parameter when you start the server by entering the following command:

     bin/kc.[sh|bat] --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true start

With this configuration, you can still use the format with the redirect_uri parameter. Note the confirmation screen will be needed if the id_token_hint is omitted.

baltom avatar May 18 '22 05:05 baltom

Thanks @baltom ... You help me a lot.

hendisantika avatar Jun 03 '22 07:06 hendisantika

I meet the same problem. In my case, I downgrade [email protected] to [email protected]. That works for me.

https://quay.io/repository/keycloak/keycloak?tab=tags&tag=17.0.1

joe105598055 avatar Jul 11 '22 06:07 joe105598055

You don't need to downgrade @joe105598055 . You need to upgrade your Keycloak-js libs. It also solved the issue.

hendisantika avatar Jul 11 '22 07:07 hendisantika

@hendisantika was right. I updated Keycloak-JS and it worked.

robson90 avatar Aug 18 '22 06:08 robson90

el logout se me arreglo y me funciono asi Valid redirect URIs : http://localhost:4200/* Valid post logout : http://localhost:4200/* Web origins : http://localhost:4200/*

julioAzocar avatar Aug 18 '22 13:08 julioAzocar

@baltom If I'm not mistaken, redhat recently upgraded to [email protected] which uses [email protected] https://access.redhat.com/articles/2342881

theolevisage avatar Aug 25 '22 09:08 theolevisage

@theolevisage yeah, it is indeed. So we can bump up the keycloak-js dependency. And won't need the workaround to support old format

baltom avatar Sep 05 '22 19:09 baltom

Is this issue fixed? I upgrade vue-keycloak-js to latest "@dsb-norge/vue-keycloak-js": "^2.1.5-beta", on keycloak-18.0.0 still receive error log message " Parameter 'redirect_uri' no longer supported. Please use 'post_logout_redirect_uri' with 'id_token_hint' for this endpoint."

I'm not sure how to upgrade keycloak-js to version 18.0.0 in my package.json.

Thank you for your help.

JavaPantry avatar Sep 09 '22 18:09 JavaPantry

el logout se me arreglo y me funciono asi Valid redirect URIs : http://localhost:4200/* Valid post logout : http://localhost:4200/* Web origins : http://localhost:4200/*

Gracias, tambien me funciono.

katzekro avatar Oct 06 '22 07:10 katzekro

@theolevisage yeah, it is indeed. So we can bump up the keycloak-js dependency. And won't need the workaround to support old format

I agree with @baltom. This is the only valid solution to this issue. Issue is not in Keycloak application but in js adapter itself, it is not fully compatible since it is outdated. Enabling legacy features and changing Keycloak configuration should only be a workaround in development stage.

nrankovic avatar Nov 09 '22 07:11 nrankovic

I'm using keycloak-js 19.0.3 and getting the indicated error with Keycloak 21.x

cdecinkoKnight avatar Mar 30 '23 23:03 cdecinkoKnight