[keycloak-user] Authenticate user without using login page

Stian Thorgersen stian at redhat.com
Fri Jul 25 05:08:14 EDT 2014 

Yes, you can use the direct grant to retrieve a token.

I'd like to know why redirecting to the login form, when styled to match your website, and using login_hint to pre-fill username/email doesn't work. Maybe there's something we can do so that you can still use the "proper" flow?

----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "Bill Burke" <bburke at redhat.com>, keycloak-user at lists.jboss.org
> Sent: Thursday, 24 July, 2014 6:13:17 PM
> Subject: Re: [keycloak-user] Authenticate user without using login page
> 
> Sorry to keep insisting on this, but since it's being a huge showstopper so
> far, I just have to ask.
> 
> If I don't mind trading off SSO and all the other benefits that the
> Keycloak login page provides me, would there be a way for me to do what I
> want?
> 
> 
> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> > We could add support for login_hint query param so you can have the
> > username/email field on the login form pre-filled for the user, so once a
> > user has to authenticate you redirect to login on KC and all they would
> > have to do is enter their password.
> >
> > If you bypass the login forms you'd loose SSO, multi-factor support,
> > required actions, recover password, etc, etc, etc..
> >
> > As Bill mentioned we provide very flexible login forms that can be
> > templated using either just css or even FreeMarker templates if you need a
> > lot of customization, so you should be able to make the login form
> > integrate well with your website.
> >
> > ----- Original Message -----
> > > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> > > To: "Bill Burke" <bburke at redhat.com>
> > > Cc: keycloak-user at lists.jboss.org
> > > Sent: Thursday, 17 July, 2014 6:52:08 PM
> > > Subject: Re: [keycloak-user] Authenticate user without using login page
> > >
> > > You think there could be a way to do this within keycloak itself?
> > >
> > >
> > > On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki <
> > rodrigopsasaki at gmail.com >
> > > wrote:
> > >
> > >
> > >
> > > I'll give you an example:
> > >
> > > We have a situation in our website where we only ask for the user's
> > e-mail,
> > > and he can go on with the flow.
> > >
> > > On a determined step of the flow, if we identify that this is an e-mail
> > that
> > > we already have in our user database, we ask him for his password,
> > > authenticate him, and let him go on, if this e-mail is new, we redirect
> > him
> > > to a page where he can register himself, and after that continue on.
> > >
> > > On this specific case and others, we wouldn't like to have to redirect
> > him to
> > > keycloak, because that would interrupt the flow that we designed.
> > >
> > >
> > > On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote:
> > >
> > >
> > > http://docs.jboss.org/ keycloak/docs/1.0-beta-3/
> > > userguide/html/direct-access- grants.html
> > >
> > > If you have to do it this way, please let us know why. Maybe we can
> > solve the
> > > issue within keycloak itself.
> > >
> > >
> > > On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote:
> > >
> > >
> > >
> > > Just for the sake of conversation, if I did want to handle my own login
> > > page, would there be a way for me to do it?
> > >
> > >
> > > On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki
> > > < rodrigopsasaki at gmail.com <mailto: rodrigopsasaki at gmail. com >> wrote:
> > >
> > > I don't want to miss out on all of that, which is why we're mostly
> > > migrating everything to use keycloak that way.
> > >
> > > It's just that we have cases that are so specific, that it would be
> > > better to authenticate the user in a different manner, create the
> > > user session and everything, without redirecting.
> > >
> > > I'll have a look at that code. Thanks!
> > >
> > >
> > > On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com
> > > <mailto: bburke at redhat.com >> wrote:
> > >
> > > If you want to handle your own login pages, IMO, you are missing
> > > out on
> > > a lot of Keycloak features. Specifically:
> > >
> > > * SSO
> > > * forgot password
> > > * admin forced credential reset/setup
> > >
> > >
> > > Login pages can be styled however you like to look like your
> > > application.
> > >
> > > There is a REST api for obtaining an access token. Here is an
> > > example:
> > >
> > > https://github.com/keycloak/ keycloak/blob/master/examples/
> > > demo-template/admin-access- app/src/main/java/org/
> > > keycloak/example/AdminClient. java
> > >
> > > On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote:
> > > > Is there a way to authenticate the user without having to
> > > input username
> > > > and password on the login page?
> > > >
> > > > For example:
> > > >
> > > > Say there's a situation in my application where I request the
> > > user for
> > > > his username and password, and I wouldn't like to redirect
> > > that to the
> > > > keycloak login page to authenticate him, would there be a way
> > > for me to
> > > > do that?
> > > >
> > > > --
> > > > Rodrigo Sasaki
> > > >
> > > >
> > > > ______________________________ _________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > <mailto: keycloak-user at lists. jboss.org >
> > >
> > > > https://lists.jboss.org/ mailman/listinfo/keycloak-user
> > > >
> > >
> > > --
> > > Bill Burke
> > > JBoss, a division of Red Hat
> > > http://bill.burkecentral.com
> > > ______________________________ _________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org <mailto: keycloak-user at lists. jboss.org >
> > >
> > > https://lists.jboss.org/ mailman/listinfo/keycloak-user
> > >
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > > --
> > > Bill Burke
> > > JBoss, a division of Red Hat
> > > http://bill.burkecentral.com
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> 
> 
> 
> --
> Rodrigo Sasaki
>

More information about the keycloak-user mailing list