libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #3825 from stianst/KEYCLOAK-4338

Browse source 
Various fixes to JS adapter
This commit is contained in:
Stian Thorgersen 2017-02-03 08:58:44 +01:00 committed by GitHub
commit 652152f167
2 changed files with 18 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
adapters/oidc/js/src/main/resources/keycloak.js
View file

@ -87,6 +87,10 @@
} }
kc.flow = initOptions.flow; kc.flow = initOptions.flow;
} }
if (initOptions.timeSkew != null) {
kc.timeSkew = initOptions.timeSkew;
}
} }
if (!kc.responseMode) { if (!kc.responseMode) {
@ -162,12 +166,8 @@
kc.onAuthSuccess && kc.onAuthSuccess(); kc.onAuthSuccess && kc.onAuthSuccess();
initPromise.setSuccess(); initPromise.setSuccess();
}).error(function () { }).error(function () {
kc.onAuthError && kc.onAuthError(); setToken(null, null, null);
if (initOptions.onLoad) { initPromise.setSuccess();
onLoad();
} else {
initPromise.setError();
}
}); });
}); });
} else { } else {
@ -369,6 +369,11 @@
throw 'Not authenticated'; throw 'Not authenticated';
} }
if (kc.timeSkew == null) {
console.info('[KEYCLOAK] Unable to determine if token is expired as timeskew is not set');
return true;
}
var expiresIn = kc.tokenParsed['exp'] - Math.ceil(new Date().getTime() / 1000) + kc.timeSkew; var expiresIn = kc.tokenParsed['exp'] - Math.ceil(new Date().getTime() / 1000) + kc.timeSkew;
if (minValidity) { if (minValidity) {
expiresIn -= minValidity; expiresIn -= minValidity;
@ -653,12 +658,7 @@
if (token) { if (token) {
kc.token = token; kc.token = token;
kc.tokenParsed = decodeToken(token); kc.tokenParsed = decodeToken(token);
kc.sessionId = kc.tokenParsed.session_state;
var sessionId = kc.realm + '/' + kc.tokenParsed.sub;
if (kc.tokenParsed.session_state) {
sessionId = sessionId + '/' + kc.tokenParsed.session_state;
}
kc.sessionId = sessionId;
kc.authenticated = true; kc.authenticated = true;
kc.subject = kc.tokenParsed.sub; kc.subject = kc.tokenParsed.sub;
kc.realmAccess = kc.tokenParsed.realm_access; kc.realmAccess = kc.tokenParsed.realm_access;
@ -666,6 +666,9 @@
if (timeLocal) { if (timeLocal) {
kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat; kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat;
}
if (kc.timeSkew != null) {
console.info('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds'); console.info('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds');
if (kc.onTokenExpired) { if (kc.onTokenExpired) {
@ -677,11 +680,7 @@
kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn); kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn);
} }
} }
} else {
kc.updateToken(-1);
} }
} else if (refreshToken) {
kc.updateToken(-1);
} else { } else {
delete kc.token; delete kc.token;
delete kc.tokenParsed; delete kc.tokenParsed;

5
adapters/oidc/js/src/main/resources/login-status-iframe.html
View file

@ -53,7 +53,8 @@
req.send(); req.send();
} else { } else {
if (clientId === init.clientId && origin === init.origin) { if (clientId === init.clientId && origin === init.origin) {
if (sessionState === cookie) { var c = cookie.split('/');
if (sessionState === c[2]) {
callback('unchanged'); callback('unchanged');
} else { } else {
callback('changed'); callback('changed');
@ -81,7 +82,7 @@
var origin = event.origin; var origin = event.origin;
var data = event.data.split(' '); var data = event.data.split(' ');
if (data.length != 2) { if (data.length != 2) {
event.source.postMessage('error', origin); return;
} }
var clientId = data[0]; var clientId = data[0];