I have an Angular 9 application. Trying to connect with a Keycloak server. My final goal is to have SSO for 3 applications, with auth-guard on each (access to only some pages requires authentication).
Having multiple issues, but let's do one at a time.
Using keycloak-angular with keycloak-js.
When I do keycloak.login() (with or without redirectUri) most of the time it goes to keycloak/auth page and comes back authenticated - without waiting for user input. I did double-check not to save any user data in browser autofill.
I will share more data upon request.
Update:
I see in the Keycloak console that even after logging out, the session is still active. Using:
keycloakservice.clearToken();
keycloakservice.logout();
Update:
Changed logout code to:
this.keycloakService.logout().then(() => this.keycloakService.clearToken());
The Keycloak cookies are removed every time, but the session in Keycloak stays about 50% of the time. (see screenshot). Angular, Keycloak-js and keycloak-angular are updated to the latest version.
It looks like you don't have a proper logout.
You have to visit your identity provider's (Keycloak in this case) OIDC logout endpoint for a correct OIDC logout - just navigate the whole browser (a background AJAX/axios call doesn't work!) to:
https://keycloak_host/auth/realms/insert_realm_here/protocol/openid-connect/logout?redirect_uri=<your-app-host/optional-whitelisted-url-where-you-say-goodbye-to-users>
That terminates your Keycloak SSO session correctly. redirect_uri is an optional parameter and it will be a nice user experience if you redirect the user back to some "good bye" route - it must be whitelisted from the authentication, because the user won't have any SSO session/cookie at that time.
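
The logout described in the answer above, written out as an added example (not code from the original posts or from keycloak-js). The hosts, realm, the /goodbye route and the clearLocalState/navigate hooks are assumptions made for illustration.

```javascript
// Added example. Hosts, realm and route names are constructed placeholders.
// Assumption: '/goodbye' is a route the app's auth guard leaves public.
const PUBLIC_ROUTES = ['/goodbye'];

// Build the logout URL in the form given in the answer above.
function buildLogoutUrl(keycloakBase, realm, appOrigin, redirectPath) {
  const url = new URL(
    `/auth/realms/${encodeURIComponent(realm)}/protocol/openid-connect/logout`,
    keycloakBase
  );
  if (redirectPath !== undefined) {
    const target = new URL(redirectPath, appOrigin);
    // Only send users back to our own origin ...
    if (target.origin !== new URL(appOrigin).origin) {
      throw new Error(`redirect target is outside the app: ${target.origin}`);
    }
    // ... and only to a route that needs no session, otherwise the guard
    // would immediately start a new login.
    if (!PUBLIC_ROUTES.includes(target.pathname)) {
      throw new Error(`route is behind the auth guard: ${target.pathname}`);
    }
    // searchParams.set() percent-encodes the value.
    url.searchParams.set('redirect_uri', target.href);
  }
  return url.href;
}

// Drop local token state, then move the whole browser (not an XHR/fetch call).
// clearLocalState and navigate are hypothetical hooks; in the browser the
// default navigate performs a top-level navigation.
function ssoLogout(cfg, clearLocalState, navigate = (u) => window.location.assign(u)) {
  const url = buildLogoutUrl(cfg.keycloakBase, cfg.realm, cfg.appOrigin, cfg.redirectPath);
  clearLocalState();
  navigate(url);
  return url;
}
```

After calling this, the Keycloak admin console is the place to confirm that the session is gone, as in the question's own check.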