Hi,
We are running a SPA with the Keycloak JavaScript Adapter at version 11.0.03, using the Authorization Code with PKCE flow.
Authorization does not work anymore in Firefox privacy mode since version 89. It seems like Firefox added “Total Cookie Protection” (Firefox now blocks cross-site tracking by default in private browsing).
I also tried it with Keycloak versions 13.0.1 and 15.0.2, but authorization is still impossible, or rather the client does not know the Keycloak session.
It seems like the following is not working in Firefox privacy mode, but it is in Chrome privacy mode:
Session Status iframe is not supported and is automatically disabled if such browser behavior is detected by the JS adapter.
(Securing Applications and Services Guide)
Are there any known fixes for this or is a fix planned in future releases?
Our init settings:
onLoad: 'check-sso',
silentCheckSsoRedirectUri: 'our_template_path/silent-check-sso.html',
useNonce: true,
pkceMethod: 'S256',
checkLoginIframe: false,
Best regards