<div dir="ltr">Firstly, let's drop KEYCLOAK-2325 from 1.8 and see if we can fix it for 1.9.<div><br></div><div>Secondly, the back button should not navigate backwards in the flow. Also, the refresh button should just redisplay the page as it does now (ignoring the post). A couple ideas to improve things though:</div><div><br></div><div>1) Set cache-control to "Cache-Control: no-store, must-revalidate, max-age=0". This should force a reload of the page when the user clicks the back button</div><div>2) Can we add a back link to some steps in the flow?</div><div>3) Can we add a cancel link to some steps in the flow?</div><div>4) If a user clicks the back button in the browser depending on where we are in the flow I think we should either take the user back to the first step (cancel), go back one step or just reshow the same page</div><div><br></div><div>By setting the cache as I suggested in 1 I actually think the browser will just complain when you navigate back to a page that does a post.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 20 January 2016 at 16:43, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Seems <a href="http://jboss.org" rel="noreferrer" target="_blank">jboss.org</a> guys don't like that the browser backbutton doesn't<br>
work. The question is, do we want to rework the auth spi to allow for<br>
backbutton? I'm not sure its even feasible or not.<br>
<a href="https://issues.jboss.org/browse/KEYCLOAK-2325" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-2325</a><br>
<br>
REFRESH BUTTON<br>
* Refresh button will repost form data to the URL that is contained in<br>
the browser url window.<br>
* In Keycloak 1.6, I added redirects after successful actions. The<br>
redirect would redirect you off of the last URL. This helped a lot with<br>
refresh button as form data wasn't posted to old form URLs.<br>
* In Keycloak 1.8 I removed the redirects because <a href="http://jboss.org" rel="noreferrer" target="_blank">jboss.org</a> complained<br>
about the performance of the extra redirects. To allow refresh button<br>
to work, keycloak would just ignore posts to old form urls and just<br>
display the current state of the flow.<br>
<br>
BACK BUTTON<br>
* Adding support for the back button would require Keycloak to unwind<br>
actions that have already been successful. This probably requires a<br>
callback method on the auth spi to do this.<br>
* Since there are no more redirects, another problem is that keycloak<br>
would not be able to distinguish between a page refresh button and a<br>
backbutton/form resubmit.<br>
<br>
Is this something we can put off until 2.0? I currently don't know how<br>
to solve all three issues with the current design: refresh button, back<br>
button, and performance.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</font></span></blockquote></div><br></div>