I am trying to implement pac4j openid with keycloak in Spring webflux project with JAVA 19 and spring boot 3.0.3.
I am also facing the same issue while fetching KeycloakOidcProfile after authentication is done in keycloak.
I notice that when it redirects to the keycloak login page it sets the SESSION cookie, and at the end when the callback URL comes it gets that SESSION cookie. The cookie is not getting changed, but I am still getting this same error.
```java
public Mono<KeycloakOidcProfile> getUserProfile(ServerRequest serverRequest) {
    return Mono.just(serverRequest)
        // map, not flatMap: the lambda returns the profile itself, not a Mono
        .map(serverRequest1 -> {
            if (ObjectUtils.isNotEmpty(serverRequest1.queryParams().get("code"))) {
                // getting code from url
                System.out.println(serverRequest1.queryParam("code").get());
            }
            // pac4j web context and session store bound to the current exchange
            final WebContext context = new SpringWebfluxWebContext(serverRequest1.exchange());
            final SessionStore sessionStore = new SpringWebfluxSessionStore(serverRequest1.exchange());
            final ProfileManager profileManager = new ProfileManager(context, sessionStore);
            // extract the callback credentials, then resolve the user profile from them
            Optional<Credentials> credentials = config.getClients().findClient("KeycloakOidcClient").get().getCredentials(context, sessionStore);
            Optional<UserProfile> userProfile = config.getClients().findClient("KeycloakOidcClient").get().getUserProfile(credentials.get(), context, sessionStore);
            KeycloakOidcProfile keycloakOidcProfile = (KeycloakOidcProfile) userProfile.get();
            System.out.println(keycloakOidcProfile.getAccessToken());
            return keycloakOidcProfile;
        });
}
```
I am getting the "Referrer-policy" variable as "no-referrer" in the header from keycloak. Is this causing the problem?
Could you please guide me on how to resolve this?
If you have the same SESSION cookie before and after the successful login at Keycloak, it should work. Generally, this kind of problem comes from an unwanted renewed/lost session.
Can you turn on DEBUG logs on the org.pac4j.springframework.context.SpringWebfluxSessionStore class (the session store) to see what's going on? Thx
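To check the "renewed/lost session" hypothesis from the reply above, the following is an added example, not code from the thread or from pac4j: a Spring WebFlux `WebFilter` that logs a fingerprint of the SESSION cookie on each request and flags any response that sets a new one, so the redirect to Keycloak and the callback can be compared. The class name `SessionCookieTraceFilter` and the fingerprint helper are hypothetical; the cookie name `SESSION` is taken from the question.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpCookie;
import org.springframework.http.ResponseCookie;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

@Component
@Order(Ordered.HIGHEST_PRECEDENCE) // wrap the whole chain, including the pac4j callback handling
public class SessionCookieTraceFilter implements WebFilter { // hypothetical name
    private static final Logger LOG = LoggerFactory.getLogger(SessionCookieTraceFilter.class);
    private static final String COOKIE = "SESSION"; // cookie name reported in the question

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        HttpCookie in = exchange.getRequest().getCookies().getFirst(COOKIE);
        String path = exchange.getRequest().getPath().value();
        LOG.debug("{} request SESSION={}", path, in == null ? "absent" : fingerprint(in.getValue()));
        return chain.filter(exchange).doFinally(signal -> {
            // Read after the chain finishes: the session cookie is written when the response commits.
            ResponseCookie out = exchange.getResponse().getCookies().getFirst(COOKIE);
            if (out != null) {
                LOG.debug("{} response sets SESSION={} (new or renewed session)", path, fingerprint(out.getValue()));
            }
        });
    }

    // Log a short SHA-256 prefix so the raw session id never lands in log files.
    private static String fingerprint(String value) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(value.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(d, 0, 4);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

The lines only appear when DEBUG is enabled for this class's logger. A "response sets SESSION" line between the login redirect and the callback, or a callback request whose fingerprint differs from the one issued at the redirect, points to the session being renewed or lost.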