diff --git a/adapters/oidc/js/src/main/resources/keycloak.js b/adapters/oidc/js/src/main/resources/keycloak.js index f5979ae037..2def1e2a8e 100755 --- a/adapters/oidc/js/src/main/resources/keycloak.js +++ b/adapters/oidc/js/src/main/resources/keycloak.js @@ -87,6 +87,10 @@ } kc.flow = initOptions.flow; } + + if (initOptions.timeSkew != null) { + kc.timeSkew = initOptions.timeSkew; + } } if (!kc.responseMode) { @@ -162,12 +166,8 @@ kc.onAuthSuccess && kc.onAuthSuccess(); initPromise.setSuccess(); }).error(function () { - kc.onAuthError && kc.onAuthError(); - if (initOptions.onLoad) { - onLoad(); - } else { - initPromise.setError(); - } + setToken(null, null, null); + initPromise.setSuccess(); }); }); } else { @@ -369,6 +369,11 @@ throw 'Not authenticated'; } + if (kc.timeSkew == null) { + console.info('[KEYCLOAK] Unable to determine if token is expired as timeskew is not set'); + return true; + } + var expiresIn = kc.tokenParsed['exp'] - Math.ceil(new Date().getTime() / 1000) + kc.timeSkew; if (minValidity) { expiresIn -= minValidity; @@ -661,6 +666,9 @@ if (timeLocal) { kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat; + } + + if (kc.timeSkew != null) { console.info('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds'); if (kc.onTokenExpired) { @@ -672,11 +680,7 @@ kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn); } } - } else { - kc.updateToken(-1); } - } else if (refreshToken) { - kc.updateToken(-1); } else { delete kc.token; delete kc.tokenParsed;