<div dir="ltr">Linking accounts automatically is fine, but we should not have an option that can do that without requiring users to authenticate first.<div><br></div><div>There are so many cases where a user could have one social account compromised. They may not care that much about the account, or they may never use the service, so they've completely forgotten about it.</div><div><br></div><div>Imagine the following scenario:</div><div><br></div><div>* Tom signed up for Gmail in 2005 - figured it was great and continued using the service the rest of his life</div><div>* Tom signed up for Twitter in 2005 - figured it was not to his taste and never used the account again</div><div>* Tom has now read about two-factor auth and configured it on his Gmail account</div><div>* Mary (a bad person) figured that the password to Tom's Twitter account was 'password', so she's gained access to Tom's Twitter - Tom doesn't know, but he doesn't care either</div><div>* Tom signs up for a website that uses Keycloak and logs in with his trusted Gmail account</div><div>* Now, if we let Mary log in to the website that uses Keycloak with Tom's old Twitter account, without first proving she's Tom (which she can't), it would be just plain daft!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 29 October 2015 at 06:37, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 10/29/2015 5:42 AM, Vlastimil Elias wrote:<br>
><br>
><br>
> On 28.10.2015 21:32, Bill Burke wrote:<br>
>> If a user has loads of social networks and links a bunch of them, if<br>
>> *any one* of them is compromised the entire account is compromised.<br>
>> For most sites using social login, the only reason there is a login is<br>
>> for the application to collect marketing data. So, the default behavior<br>
>> should make things as simple as possible for the user.<br>
>><br>
>> At a minimum, by default, the user should not be required to link an<br>
>> account if there is a conflicting duplicate email given by the provider.<br>
>> I have found <a href="http://developers.redhat.com" rel="noreferrer" target="_blank">developers.redhat.com</a> very difficult to use.<br>
><br>
> yep, it is difficult to use because it has to follow the company's policy<br>
> with unique emails and Keycloak does not provide the necessary support for<br>
> simple and user-friendly account linking currently ;-)<br>
><br>
<br>
</span>Yeah, it's not your fault. It's ours.<br>
<span class="im HOEnZb"><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
</span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</div></div></blockquote></div><br></div>
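The linking policy argued for in this thread, as an added Python example (not Keycloak's code or data model): a brokered login that finds an existing account with the same email either auto-links it (the option the thread objects to) or refuses to link until the user has authenticated as the existing account. Names, data classes and the Tom/Mary sample data are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:          # what the social provider asserts about the user
    provider: str        # e.g. "google", "twitter"
    subject: str         # user id at that provider
    email: str

@dataclass
class Account:           # local account in the IdP (constructed model, not Keycloak's)
    username: str
    email: str
    links: set = field(default_factory=set)   # {(provider, subject)}

LOGIN = "login"                            # identity already linked, proceed
CREATE = "create-new-account"              # no email conflict, make a fresh account
VERIFY_FIRST = "verify-existing-account"   # email collides: prove ownership first

def broker_login(accounts, identity, auto_link_on_email=False):
    """Decide the outcome of a social login; returns (outcome, account).
    auto_link_on_email=True is the option the thread argues against: whoever
    controls any provider account carrying the email gets the local account."""
    key = (identity.provider, identity.subject)
    for acct in accounts:
        if key in acct.links:
            return LOGIN, acct
    collision = next((a for a in accounts if a.email == identity.email), None)
    if collision is None:
        return CREATE, None
    if auto_link_on_email:
        collision.links.add(key)   # unauthenticated link: the dangerous default
        return LOGIN, collision
    return VERIFY_FIRST, collision   # safe default: ask the user to log in first

def link_after_verification(account, identity, authenticated_as):
    """Link only after the user authenticated as the existing account
    (e.g. through its already-linked, 2FA-protected provider)."""
    if authenticated_as != account.username:
        return False
    account.links.add((identity.provider, identity.subject))
    return True

def scenario(auto_link_on_email):
    """Replay the thread's case with constructed data: Tom's account is linked
    to Google; Mary holds Tom's forgotten Twitter account bearing his email."""
    tom = Account("tom", "tom@example.com", {("google", "g-1")})
    mary_via_twitter = Identity("twitter", "t-99", "tom@example.com")
    return broker_login([tom], mary_via_twitter, auto_link_on_email)
```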