Getting automatically logged out on localhost after 10-ish seconds in Firefox with Strict tracking protection

[Powersource]

No description provided.

[Powersource]

Works in production at least

Idk if we were getting this before but there's an error in the console saying

Partitioned cookie or storage access was provided to “https://auth.platoproject.org/auth/realms/plato/protocol/openid-connect/login-status-iframe.html” because it is loaded in the third-party context and storage partitioning is enabled.

and pointing here https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy/Errors/CookiePartitionedForeign
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/State_Partitioning#dynamic_state_partitioning
https://blog.mozilla.org/security/2021/01/26/supercookie-protections/

So my current theory is that these heuristics hit us for some reason on localhost. I recently updated firefox on my machine.

Could also be related to fb1a3f8 . At first that was broken (tests didn't even pass) because I hadn't updated the allowed redirect urls in keycloak, but that's done now so you can at least log in, if briefly, now. The issue could be related to some old cache or something around this.

[Powersource]

Screenshot of log

Tested and reproduces in private browsing as well

[Powersource]

Doesn't reproduce in chrome

[Powersource]

Only happens on Strict tracking protection in firefox, not Standard.

Tried upgrading react and oidc-react but didn't seem to help #230

[Powersource]

Opened an issue in oidc-client-js DuendeArchive/identity-model-oidc-client-js#1321

[Powersource]

Fixing for now by me disabling Strict tracking protection :P

[aerugo]

So can we close this?

[Powersource]

mm sure but we should be ready for more strict 3rd party cookie blocking coming and biting us in the future