I am using WebFlux together with the oauth2-client dependency, and I am observing some problems on iPhone and the Safari browser. Maybe someone has already had similar problems and can help me, or maybe some improvement is required. When a user enters my "main page" "/", Spring Security checks whether the request is authenticated and, if not, redirects to Keycloak (my OAuth2 provider). The problem is on iOS, because there are two subsequent requests and the second one overrides the data in the session (the user enters the URL once, but something causes two requests).
For example (based on logs with time), the user tries to enter "/", and in the logs there are:

1. [18:36:28.464] Request "enter to /", Response redirect /oauth2/authorization/sso
2. [18:36:28.542] Request "enter to /oauth2/authorization/sso", Response redirect to /keycloak/...
3. [18:36:28.784] Request "enter to /", Response redirect /oauth2/authorization/sso [this is the problem, because it overrides the AUTHORIZATION_REQUEST state in the session with a new one]
4. [18:36:28.826] Request "enter to /oauth2/authorization/sso", Response redirect to /keycloak/...
5. [18:36:31.702] Request "enter to /login/oauth2/code/sso?state=...", Response is an error, because the state in the query params is equal to the one generated in point 2, but the state in the session was overridden in point 4.
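
The post describes the second redirect replacing the `state` saved by the first. One way to keep both pending requests, as an added example that is not part of the original post and not Spring Security's own code: a `ServerAuthorizationRequestRepository` that stores requests per `state`, bounded and consumed once. The class name `StateKeyedRequestRepository`, the session attribute key and the cap of 3 are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebSession;
import reactor.core.publisher.Mono;

// Added example (hypothetical class): one pending authorization request per state value.
public class StateKeyedRequestRepository implements ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> {
    private static final String ATTR = StateKeyedRequestRepository.class.getName() + ".PENDING";
    private static final int MAX_PENDING = 3; // assumed cap so a session cannot accumulate requests
    @Override
    public Mono<Void> saveAuthorizationRequest(OAuth2AuthorizationRequest request, ServerWebExchange exchange) {
        return exchange.getSession().doOnNext(session -> {
            synchronized (session) { // assumes one WebSession instance per session id (in-memory store)
                Map<String, OAuth2AuthorizationRequest> pending = copyOfPending(session);
                // Evict the oldest entries first once the cap is reached.
                while (pending.size() >= MAX_PENDING) pending.remove(pending.keySet().iterator().next());
                pending.put(request.getState(), request); // a second redirect adds an entry, it does not replace
                session.getAttributes().put(ATTR, pending);
            }
        }).then();
    }
    @Override
    public Mono<OAuth2AuthorizationRequest> loadAuthorizationRequest(ServerWebExchange exchange) {
        String state = exchange.getRequest().getQueryParams().getFirst(OAuth2ParameterNames.STATE);
        // A missing or unknown state yields an empty Mono, so the callback is rejected.
        return exchange.getSession().flatMap(session -> Mono.justOrEmpty(copyOfPending(session).get(state)));
    }
    @Override
    public Mono<OAuth2AuthorizationRequest> removeAuthorizationRequest(ServerWebExchange exchange) {
        String state = exchange.getRequest().getQueryParams().getFirst(OAuth2ParameterNames.STATE);
        return exchange.getSession().flatMap(session -> {
            synchronized (session) {
                Map<String, OAuth2AuthorizationRequest> pending = copyOfPending(session);
                OAuth2AuthorizationRequest match = pending.remove(state); // each state is usable once
                session.getAttributes().put(ATTR, pending);
                return Mono.justOrEmpty(match);
            }
        });
    }
    private static Map<String, OAuth2AuthorizationRequest> copyOfPending(WebSession session) {
        Map<String, OAuth2AuthorizationRequest> copy = new LinkedHashMap<>();
        Object stored = session.getAttributes().get(ATTR);
        if (stored instanceof Map) ((Map<?, ?>) stored).forEach((k, v) -> copy.put((String) k, (OAuth2AuthorizationRequest) v));
        return copy;
    }
}
```

It is plugged in through the `authorizationRequestRepository(...)` setting of `oauth2Login` on `ServerHttpSecurity`. With it, the callback in point 5 finds the request saved in point 2 even though point 4 saved another one.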