[keycloak-user] "Remember Me" feature on Social Login

Stian Thorgersen stian at redhat.com
Tue Aug 26 02:49:33 EDT 2014


Sorry for late response, I've been on holiday.

Sounds about right. The remember_me value should be passed to the social provider with putClientAttribute (see SocialProvider L311). As long as you set remember me on the user session OAuthFlow.redirectAccessCode should create the cookie for you in the SocialResource callback.

----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Monday, 18 August, 2014 7:16:35 PM
> Subject: Re: [keycloak-user] "Remember Me" feature on Social Login
> 
> I found a way I think is correct, please let me know if anything I did is
> wrong.
> 
> I send the request as POST with the remember_me in the form parameters, if
> it comes marked, I create a cookie, and handle all the audit calls just as
> it is on the normal login, and I send the remember_me value to the social
> provider, and retrieve it on the callback method.
> 
> In the callback method, I set whatever comes from the remember_me value on
> the last parameter of the createUserSession method.
> 
> Is this the correct flow?
> 
> 
> On Wed, Aug 13, 2014 at 1:37 PM, Rodrigo Sasaki <rodrigopsasaki at gmail.com>
> wrote:
> 
> > Should I set another cookie aswell? I tried it, I created the remember me
> > cookie correctly when logging in through twitter and it didn't work. Here
> > are the steps I took:
> >
> > 1. Opened browser without any cookies and history. Tried accessing:
> > http://localhost:9080/customer-portal/customers/view.jsp
> > 2. Server asked for authentication, I proceeded to login using Twitter and
> > selecting the remember me checkbox. (KEYCLOAK_REMEMBER_ME cookie was
> > created)
> > 3. Closed the browser and reopened it. Accessed twitter, and after logging
> > in I opened the same url (
> > http://localhost:9080/customer-portal/customers/view.jsp)
> >
> > System asked me to login again, even though the cookie was there. Did I
> > miss something?
> >
> > I see this message being printed on the console:
> >
> > 13:33:08,603 INFO  [org.keycloak.services.managers.AuthenticationManager]
> > (http--127.0.0.1-9080-14) authenticateIdentityCookie
> > 13:33:08,603 INFO  [org.keycloak.services.managers.AuthenticationManager]
> > (http--127.0.0.1-9080-14) authenticateCookie could not find cookie:
> > KEYCLOAK_IDENTITY
> >
> >
> > On Tue, Aug 12, 2014 at 1:08 PM, Rodrigo Sasaki <rodrigopsasaki at gmail.com>
> > wrote:
> >
> >> It's no problem, if I can come up with a suitable solution, I'll submit a
> >> PR and you can add it whenever it fits the schedule, I'm just pursuing
> >> this
> >> because it's one of the few things that we still need before we migrate
> >> everything.
> >>
> >>
> >> On Tue, Aug 12, 2014 at 12:27 PM, Stian Thorgersen <stian at redhat.com>
> >> wrote:
> >>
> >>> The login form is:
> >>>
> >>>   ./forms/common-themes/src/main/resources/theme/login/base/login.ftl
> >>>
> >>> It's FreeMarker templates. FIY as we're close to releasing 1.0.final we
> >>> can't add this to master until after.
> >>>
> >>> ----- Original Message -----
> >>> > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> >>> > To: "Stian Thorgersen" <stian at redhat.com>
> >>> > Cc: keycloak-user at lists.jboss.org
> >>> > Sent: Tuesday, 12 August, 2014 2:49:19 PM
> >>> > Subject: Re: [keycloak-user] "Remember Me" feature on Social Login
> >>> >
> >>> > So you're saying I have to change the HTML pages to make it submit a
> >>> form?
> >>> >
> >>> > I really don't understand how the interface works on Keycloak, could
> >>> you
> >>> > tell me the name of the file that handles the login page, if I
> >>> understood
> >>> > correctly. And I'll study it on from there.
> >>> >
> >>> >
> >>> > On Tue, Aug 12, 2014 at 10:23 AM, Stian Thorgersen <stian at redhat.com>
> >>> wrote:
> >>> >
> >>> > > Basically what's needed is:
> >>> > >
> >>> > >   * Add a remember me option for social - this is non-trivial as atm
> >>> > > social logins are links so needs to be changed to submitting a form
> >>> > >   * Set the login cookie in SocialResource.redirectToProviderAuth if
> >>> this
> >>> > > remember me check-box is set
> >>> > >
> >>> > > Reading the cookie is already handled, as it should set the same
> >>> cookie as
> >>> > > the "regular" login does.
> >>> > >
> >>> > > If you'd like to do this that would be great :)
> >>> > >
> >>> > > ----- Original Message -----
> >>> > > > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> >>> > > > To: "Stian Thorgersen" <stian at redhat.com>
> >>> > > > Cc: keycloak-user at lists.jboss.org
> >>> > > > Sent: Tuesday, 12 August, 2014 1:47:28 PM
> >>> > > > Subject: Re: [keycloak-user] "Remember Me" feature on Social Login
> >>> > > >
> >>> > > > I was wondering, could you give me some pointers so I could try and
> >>> > > > implement this myself? I was looking at the mechanics on the
> >>> already
> >>> > > > implemented feature, for username + password login, and I saw that
> >>> I have
> >>> > > > to set a cookie, which I'd have todo on
> >>> > > > *SocialResource.redirectToProviderAuth*
> >>> > > >
> >>> > > > But I couldn't figure out how it uses the remember me cookie to
> >>> evaluate
> >>> > > > and authenticate the user on the next access. I'm looking into it
> >>> now,
> >>> > > but
> >>> > > > anything you can help me with would be great, if it interests you.
> >>> > > >
> >>> > > >
> >>> > > > On Mon, Aug 11, 2014 at 5:24 AM, Stian Thorgersen <
> >>> stian at redhat.com>
> >>> > > wrote:
> >>> > > >
> >>> > > > > It won't be until after 1.0.final has been released, but we'll
> >>> aim to
> >>> > > add
> >>> > > > > it for 1.1.
> >>> > > > >
> >>> > > > > JIRA: https://issues.jboss.org/browse/KEYCLOAK-332
> >>> > > > >
> >>> > > > > ----- Original Message -----
> >>> > > > > > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> >>> > > > > > To: "Stian Thorgersen" <stian at redhat.com>
> >>> > > > > > Cc: keycloak-user at lists.jboss.org
> >>> > > > > > Sent: Tuesday, 5 August, 2014 12:38:33 PM
> >>> > > > > > Subject: Re: [keycloak-user] "Remember Me" feature on Social
> >>> Login
> >>> > > > > >
> >>> > > > > > Hi, just wondering, is there any prediction on when this
> >>> feature
> >>> > > will be
> >>> > > > > > implemented?
> >>> > > > > >
> >>> > > > > >
> >>> > > > > > On Tue, Jul 29, 2014 at 8:55 AM, Stian Thorgersen <
> >>> stian at redhat.com>
> >>> > > > > wrote:
> >>> > > > > >
> >>> > > > > > > It's planned just not implemented yet.
> >>> > > > > > >
> >>> > > > > > > One of the reasons was that we couldn't figure out an elegant
> >>> > > placement
> >>> > > > > > > for the remember-me checkbox.
> >>> > > > > > >
> >>> > > > > > > ----- Original Message -----
> >>> > > > > > > > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> >>> > > > > > > > To: keycloak-user at lists.jboss.org
> >>> > > > > > > > Sent: Tuesday, 29 July, 2014 12:15:15 PM
> >>> > > > > > > > Subject: [keycloak-user] "Remember Me" feature on Social
> >>> Login
> >>> > > > > > > >
> >>> > > > > > > > Hi,
> >>> > > > > > > >
> >>> > > > > > > > I know this doesn't exist now, but I was wondering if it is
> >>> > > something
> >>> > > > > > > that is
> >>> > > > > > > > planned to be implemented, or if there's a particular
> >>> reason why
> >>> > > it
> >>> > > > > > > isn't.
> >>> > > > > > > >
> >>> > > > > > > > Thanks!
> >>> > > > > > > >
> >>> > > > > > > > --
> >>> > > > > > > > Rodrigo Sasaki
> >>> > > > > > > >
> >>> > > > > > > > _______________________________________________
> >>> > > > > > > > keycloak-user mailing list
> >>> > > > > > > > keycloak-user at lists.jboss.org
> >>> > > > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>> > > > > > >
> >>> > > > > >
> >>> > > > > >
> >>> > > > > >
> >>> > > > > > --
> >>> > > > > > Rodrigo Sasaki
> >>> > > > > >
> >>> > > > >
> >>> > > >
> >>> > > >
> >>> > > >
> >>> > > > --
> >>> > > > Rodrigo Sasaki
> >>> > > >
> >>> > >
> >>> >
> >>> >
> >>> >
> >>> > --
> >>> > Rodrigo Sasaki
> >>> >
> >>>
> >>
> >>
> >>
> >> --
> >> Rodrigo Sasaki
> >>
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> 
> 
> 
> --
> Rodrigo Sasaki
> 


More information about the keycloak-user mailing list