Hi Folks,<div>I started this thread to figure out how to handle a particular situation. </div><div>Currently when we log in into an application using ag-security-pl (and implicitly through picketlink) and the user was already logged in, we get a "UnexpectedCredentialException".</div>
<div>The Aerogear Controller Demo, for example, handle this exception by displaying an error page telling : "user already logged in, maybe you should log out".</div><div><br></div><div>But I was really thinking of where relies the responsibility of handling this very common use case (the same is applicable for the "register" flow) :</div>
<div>I have user Bob who has his <b>Device A</b> and<b> B</b> using Application <b>SlackerApp</b> :</div><div><br></div><div>- He logs into <b>SlackerApp</b> with <b>Device A</b>.</div><div>- While still logged in with <b>Device A</b>, he logs into <b>SlackerApp</b> with <b>device B</b> (for a concrete example think of Bob using twitter on his laptop when working and his mobile when he is at the bathroom).</div>
<div><br></div><div>In this situation, the log in flow for <b>Device B</b> will have to handle a <b>UnexpectedCredentialException</b>, I see 3 situations for handling this :</div><div><br></div><div>- <b>SlackerApp </b>handle the exception : - by swallowing it and returns a successful log in status, - throwing a error page (which can be strange for Bob who wants to use his app on device B)</div>
<div>-<b> AG security</b> handle the exception : - by swallowing it and returns a successful log in status, -throwing a http status</div><div>- <b>PicketLink </b>handle the exception : - by swallowing it and returns a successful log in status, -throwing a http status</div>
<div><br></div><div>I'm just wondering what is the best way to handle this </div><div><br></div><div>Seb</div><div><br></div>