[keycloak-user] Authenticate user without using login page

Bill Burke bburke at redhat.com
Fri Jul 25 08:48:45 EDT 2014 

It is because their first login screen is just something asking for an 
email.  If the email doesn't exist as a user, they want a redirect to 
the register page.

On 7/25/2014 5:08 AM, Stian Thorgersen wrote:
> Yes, you can use the direct grant to retrieve a token.
>
> I'd like to know why redirecting to the login form, when styled to match your website, and using login_hint to pre-fill username/email doesn't work. Maybe there's something we can do so that you can still use the "proper" flow?
>
> ----- Original Message -----
>> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: "Bill Burke" <bburke at redhat.com>, keycloak-user at lists.jboss.org
>> Sent: Thursday, 24 July, 2014 6:13:17 PM
>> Subject: Re: [keycloak-user] Authenticate user without using login page
>>
>> Sorry to keep insisting on this, but since it's being a huge showstopper so
>> far, I just have to ask.
>>
>> If I don't mind trading off SSO and all the other benefits that the
>> Keycloak login page provides me, would there be a way for me to do what I
>> want?
>>
>>
>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen <stian at redhat.com> wrote:
>>
>>> We could add support for login_hint query param so you can have the
>>> username/email field on the login form pre-filled for the user, so once a
>>> user has to authenticate you redirect to login on KC and all they would
>>> have to do is enter their password.
>>>
>>> If you bypass the login forms you'd loose SSO, multi-factor support,
>>> required actions, recover password, etc, etc, etc..
>>>
>>> As Bill mentioned we provide very flexible login forms that can be
>>> templated using either just css or even FreeMarker templates if you need a
>>> lot of customization, so you should be able to make the login form
>>> integrate well with your website.
>>>
>>> ----- Original Message -----
>>>> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
>>>> To: "Bill Burke" <bburke at redhat.com>
>>>> Cc: keycloak-user at lists.jboss.org
>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM
>>>> Subject: Re: [keycloak-user] Authenticate user without using login page
>>>>
>>>> You think there could be a way to do this within keycloak itself?
>>>>
>>>>
>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki <
>>> rodrigopsasaki at gmail.com >
>>>> wrote:
>>>>
>>>>
>>>>
>>>> I'll give you an example:
>>>>
>>>> We have a situation in our website where we only ask for the user's
>>> e-mail,
>>>> and he can go on with the flow.
>>>>
>>>> On a determined step of the flow, if we identify that this is an e-mail
>>> that
>>>> we already have in our user database, we ask him for his password,
>>>> authenticate him, and let him go on, if this e-mail is new, we redirect
>>> him
>>>> to a page where he can register himself, and after that continue on.
>>>>
>>>> On this specific case and others, we wouldn't like to have to redirect
>>> him to
>>>> keycloak, because that would interrupt the flow that we designed.
>>>>
>>>>
>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote:
>>>>
>>>>
>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/
>>>> userguide/html/direct-access- grants.html
>>>>
>>>> If you have to do it this way, please let us know why. Maybe we can
>>> solve the
>>>> issue within keycloak itself.
>>>>
>>>>
>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote:
>>>>
>>>>
>>>>
>>>> Just for the sake of conversation, if I did want to handle my own login
>>>> page, would there be a way for me to do it?
>>>>
>>>>
>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki
>>>> < rodrigopsasaki at gmail.com <mailto: rodrigopsasaki at gmail. com >> wrote:
>>>>
>>>> I don't want to miss out on all of that, which is why we're mostly
>>>> migrating everything to use keycloak that way.
>>>>
>>>> It's just that we have cases that are so specific, that it would be
>>>> better to authenticate the user in a different manner, create the
>>>> user session and everything, without redirecting.
>>>>
>>>> I'll have a look at that code. Thanks!
>>>>
>>>>
>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com
>>>> <mailto: bburke at redhat.com >> wrote:
>>>>
>>>> If you want to handle your own login pages, IMO, you are missing
>>>> out on
>>>> a lot of Keycloak features. Specifically:
>>>>
>>>> * SSO
>>>> * forgot password
>>>> * admin forced credential reset/setup
>>>>
>>>>
>>>> Login pages can be styled however you like to look like your
>>>> application.
>>>>
>>>> There is a REST api for obtaining an access token. Here is an
>>>> example:
>>>>
>>>> https://github.com/keycloak/ keycloak/blob/master/examples/
>>>> demo-template/admin-access- app/src/main/java/org/
>>>> keycloak/example/AdminClient. java
>>>>
>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote:
>>>>> Is there a way to authenticate the user without having to
>>>> input username
>>>>> and password on the login page?
>>>>>
>>>>> For example:
>>>>>
>>>>> Say there's a situation in my application where I request the
>>>> user for
>>>>> his username and password, and I wouldn't like to redirect
>>>> that to the
>>>>> keycloak login page to authenticate him, would there be a way
>>>> for me to
>>>>> do that?
>>>>>
>>>>> --
>>>>> Rodrigo Sasaki
>>>>>
>>>>>
>>>>> ______________________________ _________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>> <mailto: keycloak-user at lists. jboss.org >
>>>>
>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>> ______________________________ _________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org <mailto: keycloak-user at lists. jboss.org >
>>>>
>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Rodrigo Sasaki
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Rodrigo Sasaki
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>>
>>>>
>>>>
>>>> --
>>>> Rodrigo Sasaki
>>>>
>>>>
>>>>
>>>> --
>>>> Rodrigo Sasaki
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>> --
>> Rodrigo Sasaki
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list