Mozilla and Safari cookies not allowing cookies within an iframe #29112
Labels: area/authentication, kind/bug, status/auto-expire, status/missing-information, team/core-clients
Before reporting an issue
Area
authentication
Describe the bug
I am developing an add-in within Microsoft Office 365, in Word/Excel and Outlook. The add-in is developed using React TypeScript and runs as an iframe. I have other web applications that run on Keycloak that share the same realm. On Chrome or Edge, when I log in on any of my other applications and go back to the add-in, I can successfully retrieve the token and have my user info within it. However, this does not work on Mozilla or Safari; they have a much more strict policy and the same flow does not work there. I have seen this similar case reported here as Issue #24335. However, the issue was closed and, as I can see, it has not been resolved.
The main issue being I get an error on Mozilla saying:
and
This is a big issue because I want to be able to log in to my add-in using Google or Microsoft, which cannot be loaded within an iframe, so I am trying to open the log-in in a new tab and go back to the add-in, which is not possible.
Also, I have seen that I should make sure my apps are all on the same eTLD+1 as Keycloak, which is the case in my scenario.
Version
21.1.2
Regression
Expected behavior
The log-in flow to be the same across all major browsers (Mozilla, Chrome, Edge, Safari): when I log in to Keycloak on any of my applications, to be able to continue with my account in another application within an iframe.
Actual behavior
Currently I can log in on another application in Keycloak and continue with my account in another page within an iframe on Chrome and Edge.
How to Reproduce?
Initialize Keycloak within an iframe.
Log in to your account on any other application that is on the same realm.
Go back to your iframe and try to log in.
Your account will continue only on Chrome and Edge, not on Mozilla or Safari.
Anything else?
No response