dsb-norge / vue-keycloak-js

A Keycloak plugin for Vue 2
https://www.dsb.no
ISC License
274 stars 99 forks source link

requestStorageAccess errors and keycloak init errors on Chrome #189

Closed idc77 closed 5 months ago

idc77 commented 7 months ago

That's a new one.

step1.html:1 requestStorageAccess: Must be handling a user gesture to use.
step1.html:1 requestStorageAccess: Permission denied.
keycloak-6hgMzNWr.js:1 Error: Failure during initialization of keycloak-js adapter
    at index-C1r_MQVe.js:35:2435
onInitError @ keycloak-6hgMzNWr.js:1

the result is an empty page.

Chrome 124.0.6367.118 (Official Build) (64-bit) With whitelisted 3rd party cookies of the keycloak domain. It doesn't happen on Firefox 125.0.3 (64-bit)

And in the address field

https://cooksbooks.de/#iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks

it keeps repeating the issuer. You can see it live right now.

This is bad as most people on Android have Chrome as their main browser.

I also have the currently latest keycloak-js installed, but there is no change.

{
  "name": "cookbook",
  "version": "0.0.1",
  "description": "A collection of recipes",
  "productName": "Cookbook",
  "type": "module",
  "private": true,
  "scripts": {
    "lint": "eslint --ext .js,.vue ./",
    "format": "prettier --write \"**/*.{js,vue,scss,html,md,json}\" --ignore-path .gitignore",
    "test": "echo \"No test specified\" && exit 0",
    "dev": "quasar dev",
    "dev:pwa": "quasar dev -m pwa",
    "build": "quasar build",
    "build:pwa": "quasar build -m pwa"
  },
  "dependencies": {
    "@dsb-norge/vue-keycloak-js": "^2.4.0",
    "@pinia-orm/axios": "^1.7.0",
    "@quasar/extras": "^1.16.11",
    "axios": "^1.6.8",
    "keycloak-js": "24.0.3",
    "pinia": "^2.1.7",
    "pinia-orm": "^1.7.2",
    "quasar": "^2.15.4",
    "register-service-worker": "^1.7.2",
    "vue": "3.4.26",
    "vue-i18n": "^9.13.1",
    "vue-router": "^4.3.2"
  },
  "devDependencies": {
    "@intlify/unplugin-vue-i18n": "^4.0.0",
    "@quasar/app-vite": "^2.0.0-beta.11",
    "autoprefixer": "^10.4.19",
    "eslint": "^8.57.0",
    "eslint-config-prettier": "^9.1.0",
    "eslint-plugin-vue": "^9.24.1",
    "postcss": "^8.4.38",
    "prettier": "^3.2.5",
    "workbox-build": "^7.1.0",
    "workbox-cacheable-response": "^7.1.0",
    "workbox-core": "^7.1.0",
    "workbox-expiration": "^7.1.0",
    "workbox-precaching": "^7.1.0",
    "workbox-routing": "^7.1.0",
    "workbox-strategies": "^7.1.0"
  },
  "engines": {
    "node": "^24 || ^22 || ^20 || ^18",
    "npm": ">= 6.13.4",
    "yarn": ">= 1.21.1"
  }
}

It's probably not an issue of this package but upstream. I'm still reporting it here.

idc77 commented 7 months ago
import { boot } from 'quasar/wrappers'
import VueKeyCloak from '@dsb-norge/vue-keycloak-js'
import axios from 'axios'

export default boot(async ({ app }) => {
  async function tokenInterceptor () {
    axios.interceptors.request.use(config => {
      config.headers.Authorization = `Bearer ${app.config.globalProperties.$keycloak.token}`
      return config
    }, error => {
      return Promise.reject(error)
    })
  }

  return new Promise(resolve => {
    app.use(VueKeyCloak, {
      init: {
        onLoad: 'check-sso',
        flow: 'standard',
        pkceMethod: 'S256',
        silentCheckSsoRedirectUri: window.location.origin + '/silent-check-sso.html',
        checkLoginIframe: false,
        scope: 'openid email profile roles',
      },
      config: {
        url: process.env.KEYCLOAK_URL,
        realm: process.env.KEYCLOAK_REALM,
        clientId: process.env.KEYCLOAK_CLIENTID
      },
      onInitError: (error, err) => {
        console.error(error, err)
      },
      onReady: () => {
        tokenInterceptor()
        resolve()
      }
    })
  })
})

The error is "login_required"

This is in the dev console

Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'attribution-reporting'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'run-ad-auction'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'join-ad-interest-group'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
client-entry.js:49 [Quasar] Running PWA.
recipes#iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&error=login_required&state=59e73fa7-c9e8-45e4-847f-3fe410d2e913&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&state=30a14fdd-bd3b-4145-80c9-2cd567f60076&session_state=2789dff3-185a-4d11-aa5a-e6bd48ecf108&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&code=ed682ebf-682b-4bb3-8ecd-09964ea13344.2789dff3-185a-4d11-aa5a-e6bd48ecf108.70b39f4c-395f-491c-bda7-f1c4e4651e62:1 Third-party cookie will be blocked. Learn more in the Issues tab.
recipes#iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&error=login_required&state=59e73fa7-c9e8-45e4-847f-3fe410d2e913&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&state=30a14fdd-bd3b-4145-80c9-2cd567f60076&session_state=2789dff3-185a-4d11-aa5a-e6bd48ecf108&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&code=ed682ebf-682b-4bb3-8ecd-09964ea13344.2789dff3-185a-4d11-aa5a-e6bd48ecf108.70b39f4c-395f-491c-bda7-f1c4e4651e62:1 Third-party cookie will be blocked. Learn more in the Issues tab.
recipes#iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&error=login_required&state=59e73fa7-c9e8-45e4-847f-3fe410d2e913&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&state=30a14fdd-bd3b-4145-80c9-2cd567f60076&session_state=2789dff3-185a-4d11-aa5a-e6bd48ecf108&iss=https%3A%2F%2Fconnect.icod.de%2Fauth%2Frealms%2Fcooksbooks&code=ed682ebf-682b-4bb3-8ecd-09964ea13344.2789dff3-185a-4d11-aa5a-e6bd48ecf108.70b39f4c-395f-491c-bda7-f1c4e4651e62:1 Third-party cookie will be blocked. Learn more in the Issues tab.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'attribution-reporting'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'run-ad-auction'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'join-ad-interest-group'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
connect.icod.de/auth/realms/cooksbooks/protocol/openid-connect/3p-cookies/step1.html:39 requestStorageAccess: May not be used in an insecure context.
hasStorageAccess @ connect.icod.de/auth/realms/cooksbooks/protocol/openid-connect/3p-cookies/step1.html:39
await in hasStorageAccess (async)
checkStorageAccess @ connect.icod.de/auth/realms/cooksbooks/protocol/openid-connect/3p-cookies/step1.html:12
(anonymous) @ connect.icod.de/auth/realms/cooksbooks/protocol/openid-connect/3p-cookies/step1.html:8
keycloak.js:31 Error: Failure during initialization of keycloak-js adapter
    at @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2194:19 {error: 'login_required', error_description: undefined}error: "login_required"error_description: undefined[[Prototype]]: Objectconstructor: ƒ Object()hasOwnProperty: ƒ hasOwnProperty()isPrototypeOf: ƒ isPrototypeOf()propertyIsEnumerable: ƒ propertyIsEnumerable()toLocaleString: ƒ toLocaleString()toString: ƒ toString()valueOf: ƒ valueOf()__defineGetter__: ƒ __defineGetter__()__defineSetter__: ƒ __defineSetter__()__lookupGetter__: ƒ __lookupGetter__()__lookupSetter__: ƒ __lookupSetter__()__proto__: (...)get __proto__: ƒ __proto__()set __proto__: ƒ __proto__()
onInitError @ keycloak.js:31
(anonymous) @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2195
Promise.catch (async)
init @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2192
(anonymous) @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2097
Promise.then (async)
(anonymous) @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2096
fulfilled @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2061
Promise.then (async)
step @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2074
(anonymous) @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2076
__awaiter @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2058
install @ @dsb-norge_vue-keycloak-js.js?v=1d1799c6:2084
use @ chunk-6YZ7MJAX.js?v=1d1799c6:5301
(anonymous) @ keycloak.js:16
(anonymous) @ keycloak.js:15
start @ client-entry.js:92
await in start (async)
(anonymous) @ client-entry.js:163
Promise.then (async)
(anonymous) @ client-entry.js:161
Promise.then (async)
(anonymous) @ client-entry.js:137
baltom commented 6 months ago

Im running the same version of Chrome, but we are running redhat-sso and therefor an older version of keycloak (also using 2.3.0 of vue-keycloak-js - not latest - because of keycloak-js version). And im not experiencing the issue you have.

image https://developers.google.com/privacy-sandbox/3pcd/related-website-sets-integration You sure your permission haven't been denied somehow?

The file it's referencing the error from is a file located on your keycloak server/application https://github.com/keycloak/keycloak/blob/main/services/src/main/resources/org/keycloak/protocol/oidc/endpoints/3p-cookies-step1.html

idc77 commented 5 months ago

I'm not sure about anything and I've had it with Keycloak. The latest version breaks mounting the keycloak instance under a different domain. I'll close this because I'll be looking to replace keycloak. I'm done with their bullshit.