<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
We just can't support back button at this time and not until
sometime in 2.0. I'm hoping we can at least "disable" it by turning
off the cache. The way it will work is back button causes an HTTP
request with old URL and parameters, Keycloak will just see its old
and redirect to the current step in the flow.<br>
<br>
<div class="moz-cite-prefix">On 1/22/2016 9:40 AM, Libor Krzyzanek
wrote:<br>
</div>
<blockquote
cite="mid:CFC9ED2D-7C92-4EE2-946F-15979D10E92F@redhat.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Just read the discussion so let me clarify few things.
<div class=""><br class="">
</div>
<div class="">Redirects</div>
<div class="">I’m fine with one redirect after POST. But it needs
to be <b class="">one</b> redirect not 3. I was complaining
about 3 additional redirects after hitting “LOGIN” button.</div>
<div class="">In apps that I’m author (e.g. <a
moz-do-not-send="true" href="http://planet.jboss.org" class="">planet.jboss.org</a>)
I exactly use that pattern - after HTTP POST server returns 302
redirect to another page which helps with a) refresh button
problem, b) browser back button problem.</div>
<div class=""><br class="">
</div>
<div class="">Back button:</div>
<div class="">From UX perspective the back button must work.
Everybody use it. On Mac/iPad users are used to use gesture. I
use it everywhere.</div>
<div class="">Personally when I come to some site which is trying
to force me to use back button on page instead of back button in
browser I always feels like using website written 5 years ago.</div>
<div class=""><br class="">
</div>
<div class="">Other comments inline.</div>
<div class=""><br class="">
</div>
<div class="">Thanks,</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">
Libor Krzyžanek<br class="">
<a moz-do-not-send="true" href="http://jboss.org" class="">jboss.org</a>
Development Team
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Jan 21, 2016, at 3:22 PM, Bill Burke <<a
moz-do-not-send="true" href="mailto:bburke@redhat.com"
class=""><a class="moz-txt-link-abbreviated" href="mailto:bburke@redhat.com">bburke@redhat.com</a></a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class=""> Yeah, I
did that in 1.6....But <a moz-do-not-send="true"
href="http://jboss.org" class="">jboss.org</a> team
didn't like it for performance reasons.<br class="">
<br class="">
<div class="moz-cite-prefix">On 1/20/2016 8:50 PM, Scott
Rossillo wrote:<br class="">
</div>
<blockquote
cite="mid:CALAqdu8E7_jboPF6KdDj5b0wM5gkraWWANS2YvJ4KPjwqxRi_g@mail.gmail.com"
type="cite" class="">There's s pattern to handle the
back button during flows. It's that a post should
never render a view but redirect (HTTP get) to the
failure or success view. <br class="">
<br class="">
<a moz-do-not-send="true"
href="http://www.codeproject.com/Tips/433399/PRG-Pattern-Post-Redirect-Get"
class="">http://www.codeproject.com/Tips/433399/PRG-Pattern-Post-Redirect-Get</a><br
class="">
<div class="gmail_quote">
<div dir="ltr" class="">On Wed, Jan 20, 2016 at 7:22
PM Bill Burke <<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:bburke@redhat.com">bburke@redhat.com</a>>
wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""> <br
class="">
<br class="">
<div class="">On 1/20/2016 3:49 PM, Stian
Thorgersen wrote:<br class="">
</div>
<blockquote type="cite" class="">
<p dir="ltr" class="">One additional thought.
Maybe we could add a field to autheticators
to say if they support back, cancel or
nothing. Then the flow would allow going
back if previous supports back. It would
allow cancel if all supports it, or nothing
is one says nothing</p>
<div class="gmail_quote">On 20 Jan 2016 19:48,
"Stian Thorgersen" <<a
moz-do-not-send="true"
href="mailto:sthorger@redhat.com"
target="_blank" class=""><a class="moz-txt-link-abbreviated" href="mailto:sthorger@redhat.com">sthorger@redhat.com</a></a>>
wrote:<br type="attribution" class="">
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="ltr" class="">Firstly, let's
drop KEYCLOAK-2325 from 1.8 and see if
we can fix it for 1.9.
<div class=""><br class="">
</div>
<div class="">Secondly, the back button
should not navigate backwards in the
flow. Also, the refresh button should
just redisplay the page as it does now
(ignoring the post). A couple ideas to
improve things though:</div>
<div class=""><br class="">
</div>
<div class="">1) Set cache-control to
"Cache-Control: no-store,
must-revalidate, max-age=0". This
should force a reload of the page when
the user clicks the back button</div>
</div>
</blockquote>
</div>
</blockquote>
<br class="">
</div>
<div bgcolor="#FFFFFF" text="#000000" class="">
Really? That's cool then, this will basically
"disable" the back button :) I'll try it out.</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>
<div class="">It doesn’t disable the back button. The
browser just don’t use internal browser cache when the URL
is visited either by refresh button or back button.</div>
</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<blockquote
cite="mid:CALAqdu8E7_jboPF6KdDj5b0wM5gkraWWANS2YvJ4KPjwqxRi_g@mail.gmail.com"
type="cite" class="">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""><br
class="">
<br class="">
<blockquote type="cite" class="">
<div class="gmail_quote">
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="ltr" class="">
<div class="">2) Can we add a back link
to some steps in the flow?</div>
<div class="">3) Can we add a cancel
link to some steps in the flow?</div>
</div>
</blockquote>
</div>
</blockquote>
<br class="">
</div>
<div bgcolor="#FFFFFF" text="#000000" class="">
You can reset the flow to the beginning, but
can't go back one step.</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>From UX perspective back button on webpage needs to
behave exactly same as back button in browser.</div>
<div><br class="">
</div>
<div>Cancel is very confusing for me. For example on “Forgot
password” is cancel button - what is purpose of it? what
happen when I click on it? Where I would be redirected? I
personally removed those cancel buttons from our theme
because it’s not clear why they’re there.</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<blockquote
cite="mid:CALAqdu8E7_jboPF6KdDj5b0wM5gkraWWANS2YvJ4KPjwqxRi_g@mail.gmail.com"
type="cite" class="">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""><br
class="">
<br class="">
<pre cols="72" class="">--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" href="http://bill.burkecentral.com/" target="_blank" class="">http://bill.burkecentral.com</a></pre>
</div>
_______________________________________________<br
class="">
keycloak-dev mailing list<br class="">
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org"
target="_blank" class="">keycloak-dev@lists.jboss.org</a><br
class="">
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></blockquote>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://bill.burkecentral.com/">http://bill.burkecentral.com</a></pre>
</div>
_______________________________________________<br
class="">
keycloak-dev mailing list<br class="">
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" class="">keycloak-dev@lists.jboss.org</a><br
class="">
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>