  1. Red Hat build of Keycloak
  2. RHBK-2466

RESTART_AUTHENTICATION_ERROR on iPhone devices (using Safari and Chrome browsers) [GHI#33071]


      Before reporting an issue

      [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      oidc

      Describe the bug

      Hello everyone,

      I'm experiencing an issue with Keycloak when authenticating on iPhone devices (Safari and Chrome). The authentication flow works correctly on desktop browsers (Chrome on Windows), but on iPhone, the process fails, and instead of receiving the expected authorization code parameter, the authentication is restarted, or I receive a temporarily_unavailable error.

      Working Flow (Desktop Browser - Chrome)

      The user is redirected to Keycloak and logs in successfully.
      After login, the browser receives a URL with the code= parameter, which is then used to complete the OpenID Connect flow and obtain tokens.
      Everything works as expected.

      Failing Flow (iPhone - Safari/Chrome)
      The user is redirected to Keycloak and logs in successfully.
      Instead of receiving the code= parameter, the authentication flow redirects to /login-actions/restart with a 302 status, indicating that the authentication session is being restarted.
      This flow never completes, and an error temporarily_unavailable or authentication_expired appears in the logs.

      Version

      25.0.1

      Regression

      [ ] The issue is a regression

      Expected behavior

      After login, the browser receives a URL with the code= parameter, which is then used to complete the OpenID Connect flow and obtain tokens.

      Actual behavior

      The user is redirected to Keycloak and logs in successfully.
      Instead of receiving the code= parameter, the authentication flow redirects to /login-actions/restart with a 302 status, indicating that the authentication session is being restarted.

      How to Reproduce?

      Have an instance of Keycloak 25.0.1 running
      Create a confidential client in the master realm
      Enable Authentication Flow
      and set a redirect URI
      Test the Flow on Desktop Browser
      Test the Flow on iPhone (Safari or Chrome)

      Anything else?

      No response

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Core Clients