Keycloak with Angular logins automatically
I have an Angular 9 application and am trying to connect it to a Keycloak server. My final goal is to have SSO for 3 applications, with an auth guard on each (only some pages require authentication).
I'm having multiple issues, but let's do one at a time.
Using keycloak-angular with keycloak-js.
When I do keycloak.login() (with or without redirectUri), most of the time it goes to the keycloak/auth page and comes back authenticated, without waiting for user input. I double-checked that no user data is saved in browser autofill.
I will share more data upon request.
Update:
I see in the Keycloak console that even after logging out, the session is still active. Using:
keycloakservice.clearToken();
keycloakservice.logout();
Update:
Changed logout code to:
this.keycloakService.logout().then(() => this.keycloakService.clearToken());
The Keycloak cookies are removed every time, but the session in Keycloak stays about 50% of the time (see screenshot). Angular, keycloak-js and keycloak-angular are updated to the latest version.
Solution 1:
It looks like you don't have a proper logout.
You have to visit your identity provider's (Keycloak in this case) OIDC logout endpoint for a correct OIDC logout - just navigate the whole browser (a background AJAX/axios call doesn't work!) to:
https://keycloak_host/auth/realms/insert_realm_here/protocol/openid-connect/logout?redirect_uri=<your-app-host/optional-whitelisted-url-where-you-say-goodbye-to-users>
That terminates your Keycloak SSO session correctly. redirect_uri is an optional parameter, and it makes for a nice user experience if you redirect the user back to some "goodbye" route - it must be whitelisted from the authentication, because the user won't have any SSO session/cookie at that time.
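
The logout described in Solution 1, sketched as an added example (not code from the question or the answer): it builds the endpoint URL, refuses a redirect target that sits behind the auth guard, and performs a top-level navigation. The names `buildLogoutUrl`, `fullPageLogout`, `isPublicRoute` and `PUBLIC_ROUTES`, and the `/goodbye` route, are assumptions made for illustration.

```javascript
// Added example; all names and sample values here are hypothetical.

// Routes the auth guard lets through without a session (constructed sample).
const PUBLIC_ROUTES = ['/goodbye'];

// The guard can call this to skip authentication for the post-logout page.
function isPublicRoute(path) {
  return PUBLIC_ROUTES.includes(path.split(/[?#]/)[0]);
}

// keycloakBase is the server base including "/auth", as in the URL above.
function buildLogoutUrl(keycloakBase, realm, redirectUri) {
  const base = keycloakBase.replace(/\/+$/, '');
  const url = new URL(
    `${base}/realms/${encodeURIComponent(realm)}/protocol/openid-connect/logout`
  );
  if (redirectUri) {
    // new URL() throws on relative or malformed input.
    const target = new URL(redirectUri);
    if (!isPublicRoute(target.pathname)) {
      // A guarded landing page would send the user straight back to login.
      throw new Error(`redirect target ${target.pathname} is behind the auth guard`);
    }
    // searchParams.set() percent-encodes the value.
    url.searchParams.set('redirect_uri', target.toString());
  }
  return url.toString();
}

// navigate is injectable so the function can be exercised outside a browser.
function fullPageLogout(keycloakBase, realm, redirectUri, navigate) {
  const url = buildLogoutUrl(keycloakBase, realm, redirectUri);
  // Top-level navigation, not fetch/XHR: the browser itself visits the
  // endpoint, which is what ends the SSO session on the Keycloak side.
  const go = navigate || ((u) => window.location.assign(u));
  go(url);
  return url;
}
```

Newer Keycloak releases replace `redirect_uri` on this endpoint with `post_logout_redirect_uri` together with `id_token_hint`; the parameter name used here follows the answer above.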