<p dir="ltr">One additional thought. Maybe we could add a field to autheticators to say if they support back, cancel or nothing. Then the flow would allow going back if previous supports back. It would allow cancel if all supports it, or nothing is one says nothing</p>
<div class="gmail_quote">On 20 Jan 2016 19:48, "Stian Thorgersen" <<a href="mailto:sthorger@redhat.com">sthorger@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Firstly, let's drop KEYCLOAK-2325 from 1.8 and see if we can fix it for 1.9.<div><br></div><div>Secondly, the back button should not navigate backwards in the flow. Also, the refresh button should just redisplay the page as it does now (ignoring the post). A couple ideas to improve things though:</div><div><br></div><div>1) Set cache-control to "Cache-Control: no-store, must-revalidate, max-age=0". This should force a reload of the page when the user clicks the back button</div><div>2) Can we add a back link to some steps in the flow?</div><div>3) Can we add a cancel link to some steps in the flow?</div><div>4) If a user clicks the back button in the browser depending on where we are in the flow I think we should either take the user back to the first step (cancel), go back one step or just reshow the same page</div><div><br></div><div>By setting the cache as I suggested in 1 I actually think the browser will just complain when you navigate back to a page that does a post.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 20 January 2016 at 16:43, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Seems <a href="http://jboss.org" rel="noreferrer" target="_blank">jboss.org</a> guys don't like that the browser backbutton doesn't<br>
work. The question is, do we want to rework the auth spi to allow for<br>
backbutton? I'm not sure its even feasible or not.<br>
<a href="https://issues.jboss.org/browse/KEYCLOAK-2325" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-2325</a><br>
<br>
REFRESH BUTTON<br>
* Refresh button will repost form data to the URL that is contained in<br>
the browser url window.<br>
* In Keycloak 1.6, I added redirects after successful actions. The<br>
redirect would redirect you off of the last URL. This helped a lot with<br>
refresh button as form data wasn't posted to old form URLs.<br>
* In Keycloak 1.8 I removed the redirects because <a href="http://jboss.org" rel="noreferrer" target="_blank">jboss.org</a> complained<br>
about the performance of the extra redirects. To allow refresh button<br>
to work, keycloak would just ignore posts to old form urls and just<br>
display the current state of the flow.<br>
<br>
BACK BUTTON<br>
* Adding support for the back button would require Keycloak to unwind<br>
actions that have already been successful. This probably requires a<br>
callback method on the auth spi to do this.<br>
* Since there are no more redirects, another problem is that keycloak<br>
would not be able to distinguish between a page refresh button and a<br>
backbutton/form resubmit.<br>
<br>
Is this something we can put off until 2.0? I currently don't know how<br>
to solve all three issues with the current design: refresh button, back<br>
button, and performance.<br>
<span><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</font></span></blockquote></div><br></div>
</blockquote></div>