The issue: When logging in with prompt=none using keycloak.js - keycloak.login({prompt: 'none'}) - errors are simply swallowed and ignored by keycloak.js. In my case this results in a login loop, because my client is not aware of any login problems and forwards as planned, gets intercepted, tries to log in again, forwards as planned, …
In keycloak.js I found the following code that is responsible for that issue:
    if (error) {
        if (prompt != 'none') {
            var errorData = { error: error, error_description: oauth.error_description };
            kc.onAuthError && kc.onAuthError(errorData);
            promise && promise.setError(errorData);
        } else {
            promise && promise.setSuccess();
        }
        return;
    }
So the script is actually aware of the error (received via the # URL fragment params), but just passes a success back to my client code.
Why?! And how to handle errors in the client?
What’s the use case behind that? Well, in our case we create a plugin for a 3rd party platform. We are integrated via iframe. In the iframe we need prompt=none to avoid loading login screens in the iframe. This is prohibited for security reasons (to avoid clickjacking). While prompt=none works perfectly fine, the error handling doesn't, e.g. error: interaction_required when a new user consent is needed. We need to inform the user and perform the required steps.
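An added example, not part of the original post and not keycloak.js code: one way a client could read the prompt=none result from the redirect URL's fragment itself and stop the loop described above. It assumes the client sees the redirect URL before the adapter consumes the fragment; `readSilentAuthResult`, `nextStep`, `MAX_SILENT_ATTEMPTS` and the sample URLs are hypothetical.

```javascript
// Error codes OpenID Connect Core defines for a prompt=none request
// that cannot complete without showing UI to the user.
const NEEDS_INTERACTION = new Set([
  'interaction_required',
  'login_required',
  'account_selection_required',
  'consent_required',
]);

const MAX_SILENT_ATTEMPTS = 2; // assumed limit, used to break a redirect loop

// Constructed sample redirect URLs (not captured traffic).
const SAMPLE_ERROR_URL =
  'https://plugin.example/app#error=interaction_required' +
  '&error_description=User+consent+required&state=abc123';
const SAMPLE_OK_URL = 'https://plugin.example/app#code=xyz&state=abc123';

// Parse the fragment of the redirect URL and report what came back.
function readSilentAuthResult(redirectUrl) {
  const fragment = new URL(redirectUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  const error = params.get('error');
  if (error) {
    return {
      ok: false,
      error,
      description: params.get('error_description') || '',
      needsInteraction: NEEDS_INTERACTION.has(error),
    };
  }
  const ok = params.has('code') || params.has('access_token');
  return { ok, error: null, description: '', needsInteraction: false };
}

// Decide the next step; `attempts` counts silent logins already tried.
function nextStep(result, attempts) {
  if (result.ok) return 'continue';
  // Retrying prompt=none cannot succeed here: the user has to act,
  // outside the iframe where login and consent screens are blocked.
  if (result.needsInteraction) return 'ask-user';
  if (attempts >= MAX_SILENT_ATTEMPTS) return 'give-up';
  return 'retry-silent';
}
```

Keeping the attempt counter somewhere that survives the redirect (for example `sessionStorage`) is what lets `nextStep` end the loop instead of forwarding again.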