I’m trying to migrate from version 7.0.0 to version 8.0.2 of the keycloak server.
7.0.0 is in production and working very well for several months.
My application is an Angular (v 8) web application with a spring boot (2.2.4) backend API
with these versions of libs:
keycloak-angular@7.1.0 (latest version)
keycloak-js@7.0.1
keycloak server 8.0.2
Java: keycloak*8.0.2.jar
*** application work well ***
But
first: if I enable: ‘SameSite by default cookie’ in chrome://flags/ I get this error:
VM1457 polyfills.js:6163 POST http://local-iam- int:8180/auth/realms/bondtrader_local/protocol/openid-connect/token 400 (Bad Request)
second: after changing keycloak-js to the latest version (8.0.2 or 8.0.1) I get this error:
I’m in the process of setting up a project with Angular + Keycloak 9.0.0 and was reading about the new changes since Keycloak 8.0.2 in the cookie settings needed for updates that are made in Chrome 80+
If you’re connecting from a Javascript application then it needs to be public.
If you pass a secret through Javascript then it’s not really a secret anymore.