[keycloak-dev] browser backbutton

Stian Thorgersen sthorger at redhat.com
Wed Jan 20 15:49:18 EST 2016 

One additional thought. Maybe we could add a field to autheticators to say
if they support back, cancel or nothing. Then the flow would allow going
back if previous supports back. It would allow cancel if all supports it,
or nothing is one says nothing
On 20 Jan 2016 19:48, "Stian Thorgersen" <sthorger at redhat.com> wrote:

> Firstly, let's drop KEYCLOAK-2325 from 1.8 and see if we can fix it for
> 1.9.
>
> Secondly, the back button should not navigate backwards in the flow. Also,
> the refresh button should just redisplay the page as it does now (ignoring
> the post). A couple ideas to improve things though:
>
> 1) Set cache-control to "Cache-Control: no-store, must-revalidate,
> max-age=0". This should force a reload of the page when the user clicks the
> back button
> 2) Can we add a back link to some steps in the flow?
> 3) Can we add a cancel link to some steps in the flow?
> 4) If a user clicks the back button in the browser depending on where we
> are in the flow I think we should either take the user back to the first
> step (cancel), go back one step or just reshow the same page
>
> By setting the cache as I suggested in 1 I actually think the browser will
> just complain when you navigate back to a page that does a post.
>
> On 20 January 2016 at 16:43, Bill Burke <bburke at redhat.com> wrote:
>
>> Seems jboss.org guys don't like that the browser backbutton doesn't
>> work.   The question is, do we want to rework the auth spi to allow for
>> backbutton?  I'm not sure its even feasible or not.
>> https://issues.jboss.org/browse/KEYCLOAK-2325
>>
>> REFRESH BUTTON
>> * Refresh button will repost form data to the URL that is contained in
>> the browser url window.
>> * In Keycloak 1.6, I added redirects after successful actions.  The
>> redirect would redirect you off of the last URL.  This helped a lot with
>> refresh button as form data wasn't posted to old form URLs.
>> * In Keycloak 1.8 I removed the redirects because jboss.org complained
>> about the performance of the extra redirects.  To allow refresh button
>> to work, keycloak would just ignore posts to old form urls and just
>> display the current state of the flow.
>>
>> BACK BUTTON
>> * Adding support for the back button would require Keycloak to unwind
>> actions that have already been successful.  This probably requires a
>> callback method on the auth spi to do this.
>> * Since there are no more redirects, another problem is that keycloak
>> would not be able to distinguish between a page refresh button and a
>> backbutton/form resubmit.
>>
>> Is this something we can put off until 2.0?  I currently don't know how
>> to solve all three issues with the current design: refresh button, back
>> button, and performance.
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160120/cdb5ac14/attachment.html

More information about the keycloak-dev mailing list