On our SPA login page, we have a button “Rest Password” that redirects the user to the Keycloak reset-credentials
page:
window.location.href = `${kcConfig.url}/realms/${kcConfig.realm}/login-actions/reset-credentials?client_id=${kcConfig.clientId}&kc_locale=${user.locale}`;
(Note that there is no tab_id
or other session information)
The reset-credentials
flow works fine. However, on the initial reset-credentials
page (choose user) there is a link Back to Application
that is generated with the template file login-reset-password.ftl
that uses the ${url.loginUrl}
. When the user clicks it, (s)he is redirected to page
AUTH_SERVER/realms/REALM/login-actions/authenticate?tab_id=z0KSQClA1AE
This page shows the invalidCodeMessage
/ INVALID_CODE
error.
Ideally I would like to configure the desired (e.g. ${client.baseURL}/login
) via the Keycloak client, because it should link to the login page within that client. As a quick fix we hard-coded the URL in the template file and also we could generate that file with the desired hard coded URL, but it would be much easier and straight forward to configure it for the realm/client. Also it would be fine if we can make the Keycloak login page work for that case.
The client has configured valid
- Base URL
- Redirect URIs
- Web Origins
And has not set
- Root URL
- Admin URL
(I tried setting them, but this does not resolve the issue)
I also tried setting the Frontend URL of the realm, but nothing changes while other problems arise.
-
Is it possible to configure the client/realm in such way that the original template uses a link to the client? (Just the
baseUrl
(without the/login
path would be fine as well). -
If not possible, then it would also be fine to redirect to the Keycloak’s login page (but it currently shows the
INVALID_CODE
error - how can we fix it?). -
If not possible, we would stick to overwriting the template, but I then would like to know how I can obtain the client’s base url from the template? I was not able to find out
Thank you very much for your support!