<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Talked to them. They just didn't like that it was possible for 3
redirects in a row.<br>
<br>
<div class="moz-cite-prefix">On 1/22/2016 4:26 PM, Scott Rossillo
wrote:<br>
</div>
<blockquote
cite="mid:2C14D730-2F43-43E6-A057-84FD8E200425@smartling.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
> <span style="background-color: rgb(255, 255, 255);" class="">Yeah,
I did that in 1.6....But </span><a moz-do-not-send="true"
href="http://jboss.org" style="background-color: rgb(255, 255,
255);" class="">jboss.org</a><span style="background-color:
rgb(255, 255, 255);" class=""> team didn't like it for
performance reasons.</span>
<div class=""><span style="background-color: rgb(255, 255, 255);"
class=""><br class="">
</span></div>
<div class=""><span style="background-color: rgb(255, 255, 255);"
class="">The <a moz-do-not-send="true"
href="http://jboss.org" class="">jboss.org</a> team seems
misguided here to think this approach creates a performance
issue. Many high traffic and large scale sites use
this approach to solve back button issues. </span></div>
<div class=""><span style="background-color: rgb(255, 255, 255);"
class=""><br class="">
</span>
<div class="">
<div class="">Scott Rossillo</div>
<div class="">Smartling | Senior Software Engineer</div>
<div class=""><a moz-do-not-send="true"
href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div>
<div class=""><br class="">
</div>
<div class=""><a moz-do-not-send="true"
href="https://app.sigstr.com/uc/55e5d41c6533390d03580000"
id="campaignblock" target="_blank" style="box-sizing:
border-box; color: rgb(0, 75, 118); outline-offset: -2px;
font-family: gesta, Arial, Helvetica, sans-serif;
font-size: 14px; line-height: 20px; widows: 1;
background-color: rgb(255, 255, 255); outline: 0px
!important;" class=""><img moz-do-not-send="true"
alt="Latest News + Events"
src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/img"
style="box-sizing: border-box; border: 0px;
vertical-align: top; max-width: 100%; height: auto;
width: inherit; color: blue; font-family: Helvetica;
font-size: 12px;" class="" border="0"></a><span
style="color: rgb(169, 169, 169); font-family: gesta,
Arial, Helvetica, sans-serif; font-size: 14px;
line-height: 20px; widows: 1; background-color: rgb(255,
255, 255);" class=""></span>
<div id="watermark" style="box-sizing: border-box; color:
rgb(169, 169, 169); font-family: gesta, Arial, Helvetica,
sans-serif; font-size: 14px; line-height: 20px; widows: 1;
background-color: rgb(255, 255, 255);" class=""><a
moz-do-not-send="true" href="http://www.sigstr.com/"
style="box-sizing: border-box; color: rgb(0, 124, 194);
text-decoration: none; background-color: transparent;
outline: 0px !important;" class=""><img
moz-do-not-send="true" alt="Powered by Sigstr"
src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/watermark"
style="box-sizing: border-box; border: 0px;
vertical-align: top; max-width: 100%; height: auto;
width: inherit; color: rgb(99, 99, 99); font-family:
Helvetica; font-size: 11px;" class="" border="0"></a></div>
</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Jan 22, 2016, at 10:19 AM, Libor Krzyzanek
<<a moz-do-not-send="true"
href="mailto:lkrzyzan@redhat.com" class="">lkrzyzan@redhat.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode:
space; -webkit-line-break: after-white-space;" class="">I
understand that frameworks are usually not “back/refresh
button” friendly.
<div class="">I was facing this problem in <a
moz-do-not-send="true"
href="http://planet.jboss.org/" class="">planet.jboss.org</a>
with JSF as well and had to fix it with some
workaround.
<div class=""><br class="">
</div>
<div class="">So if you can keep this in mind in 2.0
or later please do it. You simply cannot force
people to not use browser back button.</div>
<div class=""><br class="">
</div>
<div class="">Thanks,</div>
<div class=""><br class="">
</div>
<div class="">L.</div>
<div class="">
<div class=""><br class="">
<div class="">
Libor Krzyžanek<br class="">
<a moz-do-not-send="true"
href="http://jboss.org/" class="">jboss.org</a>
Development Team
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On Jan 22, 2016, at 3:47 PM,
Bill Burke <<a moz-do-not-send="true"
href="mailto:bburke@redhat.com" class="">bburke@redhat.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000"
class=""> We just can't support back
button at this time and not until sometime
in 2.0. I'm hoping we can at least
"disable" it by turning off the cache.
The way it will work is back button causes
an HTTP request with old URL and
parameters, Keycloak will just see its old
and redirect to the current step in the
flow.<br class="">
<br class="">
<div class="moz-cite-prefix">On 1/22/2016
9:40 AM, Libor Krzyzanek wrote:<br
class="">
</div>
<blockquote
cite="mid:CFC9ED2D-7C92-4EE2-946F-15979D10E92F@redhat.com"
type="cite" class="">
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8"
class="">
Just read the discussion so let me
clarify few things.
<div class=""><br class="">
</div>
<div class="">Redirects</div>
<div class="">I’m fine with one redirect
after POST. But it needs to be <b
class="">one</b> redirect not 3. I
was complaining about 3 additional
redirects after hitting “LOGIN”
button.</div>
<div class="">In apps that I’m author
(e.g. <a moz-do-not-send="true"
href="http://planet.jboss.org/"
class="">planet.jboss.org</a>) I
exactly use that pattern - after HTTP
POST server returns 302 redirect to
another page which helps with a)
refresh button problem, b) browser
back button problem.</div>
<div class=""><br class="">
</div>
<div class="">Back button:</div>
<div class="">From UX perspective the
back button must work. Everybody use
it. On Mac/iPad users are used to use
gesture. I use it everywhere.</div>
<div class="">Personally when I come to
some site which is trying to force me
to use back button on page instead of
back button in browser I always feels
like using website written 5 years
ago.</div>
<div class=""><br class="">
</div>
<div class="">Other comments inline.</div>
<div class=""><br class="">
</div>
<div class="">Thanks,</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""> Libor Krzyžanek<br
class="">
<a moz-do-not-send="true"
href="http://jboss.org/" class="">jboss.org</a>
Development Team </div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On Jan 21, 2016, at
3:22 PM, Bill Burke <<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:bburke@redhat.com"><a class="moz-txt-link-abbreviated" href="mailto:bburke@redhat.com">bburke@redhat.com</a></a>> wrote:</div>
<br
class="Apple-interchange-newline">
<div class="">
<meta content="text/html;
charset=utf-8"
http-equiv="Content-Type"
class="">
<div bgcolor="#FFFFFF"
text="#000000" class=""> Yeah,
I did that in 1.6....But <a
moz-do-not-send="true"
href="http://jboss.org/"
class="">jboss.org</a> team
didn't like it for performance
reasons.<br class="">
<br class="">
<div class="moz-cite-prefix">On
1/20/2016 8:50 PM, Scott
Rossillo wrote:<br class="">
</div>
<blockquote
cite="mid:CALAqdu8E7_jboPF6KdDj5b0wM5gkraWWANS2YvJ4KPjwqxRi_g@mail.gmail.com"
type="cite" class="">There's
s pattern to handle the back
button during flows. It's
that a post should never
render a view but redirect
(HTTP get) to the failure or
success view. <br class="">
<br class="">
<a moz-do-not-send="true"
href="http://www.codeproject.com/Tips/433399/PRG-Pattern-Post-Redirect-Get"
class="">http://www.codeproject.com/Tips/433399/PRG-Pattern-Post-Redirect-Get</a><br
class="">
<div class="gmail_quote">
<div dir="ltr" class="">On
Wed, Jan 20, 2016 at
7:22 PM Bill Burke <<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:bburke@redhat.com"><a class="moz-txt-link-abbreviated" href="mailto:bburke@redhat.com">bburke@redhat.com</a></a>>
wrote:<br class="">
</div>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"
class=""> <br
class="">
<br class="">
<div class="">On
1/20/2016 3:49 PM,
Stian Thorgersen
wrote:<br class="">
</div>
<blockquote
type="cite" class="">
<p dir="ltr"
class="">One
additional
thought. Maybe we
could add a field
to autheticators
to say if they
support back,
cancel or nothing.
Then the flow
would allow going
back if previous
supports back. It
would allow cancel
if all supports
it, or nothing is
one says nothing</p>
<div
class="gmail_quote">On
20 Jan 2016 19:48,
"Stian Thorgersen"
<<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:sthorger@redhat.com"><a class="moz-txt-link-abbreviated" href="mailto:sthorger@redhat.com">sthorger@redhat.com</a></a>>
wrote:<br
type="attribution"
class="">
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div dir="ltr"
class="">Firstly,
let's
drop KEYCLOAK-2325
from 1.8 and
see if we can
fix it for
1.9.
<div class=""><br
class="">
</div>
<div class="">Secondly,
the back
button should
not navigate
backwards in
the flow.
Also, the
refresh button
should just
redisplay the
page as it
does now
(ignoring the
post). A
couple ideas
to improve
things though:</div>
<div class=""><br
class="">
</div>
<div class="">1)
Set
cache-control
to
"Cache-Control:
no-store,
must-revalidate,
max-age=0".
This should
force a reload
of the page
when the user
clicks the
back button</div>
</div>
</blockquote>
</div>
</blockquote>
<br class="">
</div>
<div bgcolor="#FFFFFF"
text="#000000"
class=""> Really?
That's cool then, this
will basically
"disable" the back
button :) I'll try it
out.</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div class=""><br class="">
</div>
<div class="">
<div class="">It doesn’t disable
the back button. The browser
just don’t use internal browser
cache when the URL is visited
either by refresh button or back
button.</div>
</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div bgcolor="#FFFFFF"
text="#000000" class="">
<blockquote
cite="mid:CALAqdu8E7_jboPF6KdDj5b0wM5gkraWWANS2YvJ4KPjwqxRi_g@mail.gmail.com"
type="cite" class="">
<div class="gmail_quote">
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"
class=""><br class="">
<br class="">
<blockquote
type="cite" class="">
<div
class="gmail_quote">
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div dir="ltr"
class="">
<div class="">2)
Can we add a
back link to
some steps in
the flow?</div>
<div class="">3)
Can we add a
cancel link to
some steps in
the flow?</div>
</div>
</blockquote>
</div>
</blockquote>
<br class="">
</div>
<div bgcolor="#FFFFFF"
text="#000000"
class=""> You can
reset the flow to the
beginning, but can't
go back one step.</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div class=""><br class="">
</div>
<div class="">From UX perspective
back button on webpage needs to
behave exactly same as back button
in browser.</div>
<div class=""><br class="">
</div>
<div class="">Cancel is very
confusing for me. For example on
“Forgot password” is cancel button
- what is purpose of it? what
happen when I click on it? Where I
would be redirected? I personally
removed those cancel buttons from
our theme because it’s not clear
why they’re there.</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div bgcolor="#FFFFFF"
text="#000000" class="">
<blockquote
cite="mid:CALAqdu8E7_jboPF6KdDj5b0wM5gkraWWANS2YvJ4KPjwqxRi_g@mail.gmail.com"
type="cite" class="">
<div class="gmail_quote">
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"
class=""><br class="">
<br class="">
<pre cols="72" class="">--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" href="http://bill.burkecentral.com/" target="_blank" class="">http://bill.burkecentral.com</a></pre>
</div>
_______________________________________________<br class="">
keycloak-dev mailing
list<br class="">
<a
moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank" class=""><a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a></a><br
class="">
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer"
target="_blank"
class=""><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></a></blockquote>
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://bill.burkecentral.com/">http://bill.burkecentral.com</a></pre>
</div>
_______________________________________________<br class="">
keycloak-dev mailing list<br
class="">
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org"
class="">keycloak-dev@lists.jboss.org</a><br
class="">
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://bill.burkecentral.com/">http://bill.burkecentral.com</a></pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>