Hello Keycloak Community,
we're currently relying on a customized user activation process where a user registration is performed by a backend call that sends out an activation email. Therefore we don't have an active authentication session for the user, and it is also not present in the token. Every newly registered user has a required action to set an initial password for themselves, and is therefore redirected to the required action during action token handling.
A problem comes into play when the user uses the action token in two separate tabs. Because the LoginActionsService performs a fresh login every time the action token is used, the authentication state is only valid for the most recently opened tab. When the password is being set in one of the previous tabs, it results in a `cookie_not_found` (`CUSTOM_REQUIRED_ACTION_ERROR`), because the new cookie is not associated with the Tab ID. We see that this happens regularly in our systems.
Currently we plan to introduce an intermediate verification step for fresh authentication sessions like it is in the default VerifyEmail action token handler, but is there anything else that can be done to mitigate this? Is it maybe something which should be covered in the authChecker script?