Tracking Protection in Firefox > 89 vs Keycloak-JS SPA

Hi,

we are running a SPA with Keycloak JavaScript Adapter at version 11.0.03 with the Authorization Code with PKCE flow.
Authorization does not work anymore in Firefox private mode since version 89. It seems Firefox added “Total Cookie Protection” (Firefox now blocks cross-site tracking by default in private browsing).
I also tried it with Keycloak versions 13.0.1 and 15.0.2, but authorization is still impossible, or rather the client does not know the Keycloak session.

It seems the following is not working in Firefox private mode but does work in Chrome private mode:

Session Status iframe is not supported and is automatically disabled if such browser behavior is detected by the JS adapter.
(Securing Applications and Services Guide)

Are there any known fixes for this or is a fix planned in future releases?

Our init settings:
onLoad: 'check-sso',
silentCheckSsoRedirectUri: 'our_template_path/silent-check-sso.html',
useNonce: true,
pkceMethod: 'S256',
checkLoginIframe: false,

Best regards

The issue seems to me to be the following:

keycloak-js tries to detect 3p cookie support with the 2 step request method.

Because these requests can access the cookies in Firefox's separated cookie jars, keycloak-js thinks that Firefox supports 3p cookies and therefore uses silent check-sso instead of falling back to regular check-sso.

But silent check-sso cannot access 3p cookies from the separated cookie jars. So no authentication is possible in Firefox private mode.

Are there any further insights?
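The mismatch described in the reply above, modelled as an added example (not keycloak-js code): a cookie jar keyed by cookie host only versus one partitioned by top-level site, the two-step probe run through both, and then a silent check-sso lookup. Host names, cookie names and the probe steps are illustrative assumptions.

```javascript
// Constructed model of browser cookie storage; hosts and cookie names are assumptions.
const APP = 'app.example';      // top-level site that embeds the Keycloak iframes
const KC = 'keycloak.example';  // Keycloak host that serves the iframes

class CookieJar {
  constructor(partitioned) { this.partitioned = partitioned; this.store = new Map(); }
  // Total Cookie Protection keys cookies by (top-level site, cookie host);
  // the classic jar keys them by cookie host only.
  key(topLevel, host) { return this.partitioned ? `${topLevel}|${host}` : host; }
  set(topLevel, host, name, value) { this.store.set(`${this.key(topLevel, host)}#${name}`, value); }
  get(topLevel, host, name) { return this.store.get(`${this.key(topLevel, host)}#${name}`); }
}

// Two-step 3p-cookie probe: an iframe from KC embedded in APP sets a cookie in
// step 1 and reads it back in step 2. Both steps run in the same partition.
function probeThirdPartyCookies(jar) {
  jar.set(APP, KC, 'KEYCLOAK_3P_COOKIE', '1');
  return jar.get(APP, KC, 'KEYCLOAK_3P_COOKIE') === '1' ? 'supported' : 'unsupported';
}

// The user logged in with KC as the top-level site, so the SSO cookie lives there.
function login(jar) { jar.set(KC, KC, 'KEYCLOAK_SESSION', 'sess-1'); }

// Silent check-sso: an iframe from KC embedded in APP looks for the session cookie.
function silentCheckSso(jar) {
  return jar.get(APP, KC, 'KEYCLOAK_SESSION') !== undefined;
}

// Run the whole sequence for one jar model and report what each step observed.
function simulate(partitioned) {
  const jar = new CookieJar(partitioned);
  login(jar);
  return { probe: probeThirdPartyCookies(jar), silentSsoSeesSession: silentCheckSso(jar) };
}
```

With partitioning the probe still reports "supported" because step 1 and step 2 share the APP|KC partition, while the session cookie set under the KC top-level site is invisible to the silent check-sso iframe, so the adapter never falls back to a regular check-sso redirect.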