[keycloak-dev] Usability in authentication flows

Stian Thorgersen sthorger at redhat.com
Thu Jan 21 04:16:24 EST 2016


With regards to usability in authentication flows I think we have 3 issues
that can be improved:

Improve error messages
--------------------------------
"Something has gone wrong" is not helpful to an end-user. In general we
need to review error messages, maybe also other messages, to make sure they
are useful in the eyes of an end-user and not a developer.


Escape option
-------------------
There should always be at least one escape option for a user. We should
make sure the client is always known. This can be done by adding the client
uuid to the client session code, which means it will always be available
even if the session has been cleared. As long as the client has set the base
url we can add a link to return to the application.

As the logins are redirect based it's important to always be able to return
to the application, especially for consumer facing sites.

I'm not sure "back to application" is the best text though, but can't come
up with anything better ATM.

There are also several points in the flow where it could be useful to have a
cancel/restart option to restart the flow. Again, I'm not sure what the
best text for the link is. "cancel" would suggest returning to the
application, not restarting the flow.


Back/refresh buttons
---------------------------
Using cache control it should be possible to always reload the page so when
a user clicks back the current page is just redisplayed.
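The cache-control point above, as an added example that is not part of the original post and not Keycloak's own code: a small Python WSGI middleware that replaces any caching headers on pages under an assumed login-flow prefix (`/auth/`, a placeholder, not Keycloak's real path layout) with `Cache-Control: no-store`, plus a checker that parses the header and reports whether a back-button press would refetch the page rather than redisplay a stale copy. `no-store` is the directive that keeps browsers from re-showing a form from the history cache; the `no-cache`, `Pragma` and `Expires` values only back it up for older caches and HTTP/1.0 intermediaries. The `demo_app`, `no_store_for_login` and `response_headers` names are all hypothetical.

```python
# Added example (not Keycloak code): make authentication-flow pages uncacheable
# so that the browser's back/refresh buttons refetch the page instead of
# showing a stale copy from the history cache.
from wsgiref.util import setup_testing_defaults

# Headers attached to every page in the login flow. "no-store" is the one
# that stops browsers from re-showing the page from history; the others
# cover older caches and HTTP/1.0 intermediaries.
LOGIN_PAGE_HEADERS = [
    ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
    ("Pragma", "no-cache"),
    ("Expires", "0"),
]


def parse_cache_control(value):
    """Parse a Cache-Control header value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def is_back_button_safe(headers):
    """True if the response carries no-store, i.e. 'back' will refetch it."""
    for name, value in headers:
        if name.lower() == "cache-control":
            return "no-store" in parse_cache_control(value)
    return False


def no_store_for_login(app, prefix="/auth/"):
    """WSGI middleware (hypothetical): on pages under `prefix` (the assumed
    login-flow path) drop whatever caching headers the app set and emit
    LOGIN_PAGE_HEADERS instead. Other paths are passed through untouched."""
    def middleware(environ, start_response):
        path = environ.get("PATH_INFO", "")

        def patched_start(status, headers, exc_info=None):
            if path.startswith(prefix):
                headers = [(k, v) for k, v in headers
                           if k.lower() not in ("cache-control", "pragma", "expires")]
                headers.extend(LOGIN_PAGE_HEADERS)
            return start_response(status, headers, exc_info)

        return app(environ, patched_start)
    return middleware


def demo_app(environ, start_response):
    """Stand-in application (constructed): serves every page cacheable by default."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b"<form method='post'>...</form>"]


def response_headers(app, path):
    """Run one request for `path` through `app` and return the headers it emitted."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = []

    def start_response(status, headers, exc_info=None):
        captured.extend(headers)

    body = app(environ, start_response)
    if hasattr(body, "close"):
        body.close()
    return captured


if __name__ == "__main__":
    app = no_store_for_login(demo_app)
    for path in ("/auth/login", "/static/logo.png"):
        safe = is_back_button_safe(response_headers(app, path))
        print(path, "back-button safe:", safe)
```

Running the module shows the login page under the assumed `/auth/` prefix reported as back-button safe and the static asset left cacheable. In a real deployment the same header set would be applied by the server's response filter for every page of the flow, not just the final login form, since each intermediate step (OTP, consent, update-password) can otherwise be redisplayed from history.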