[keycloak-user] [UMA] Access a protected resource by using a link

Pedro Igor Silva psilva at redhat.com
Fri Nov 15 07:44:03 EST 2019 

What type of application we are talking about? A single monolithic or
separated apps for frontend and backend ? Asking because you could just
resume the workflow after the user authenticate again and is redirected
back to your app ...

AFAIK, there is nothing you could use OOTB but maybe implementing some
custom authenticator. Even with a custom authenticator, the fact that you
are automatically re-authenticating the user based on some form of code
sent to an email may be risky ...


On Thu, Nov 14, 2019 at 6:37 PM Fernando Mayoral <
fernando.mayoral at practiv.com> wrote:

> Yes, they leave the application and their keycloak session expires.
> So then we want to send them a link for them to get a new session with
> their user and get redirected to the order they didn't complete.
> For example, a product is a bank account application:
> They start filling the forms and early on they are asked for email.
> But they never finish and submit the form, or maybe they leave the tab
> open and forget so the session expires, so we send them an email to remind
> them with a link to get authenticated and redirected back to an arbitrary
> url.
>
> On Fri, Nov 15, 2019 at 2:47 AM Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> Hi,
>>
>> When the user "drops" from the system you mean a logout (ending the user
>> session in Keycloak) ?
>>
>> On Thu, Nov 14, 2019 at 1:53 AM Fernando Mayoral <
>> fernando.mayoral at practiv.com> wrote:
>>
>>> Hello!
>>>
>>> We have a product on which we create a protected resource (called orders)
>>> in keycloak and we secure access to it by using a UMA as described by uma
>>> authorization process
>>> <
>>> https://www.keycloak.org/docs/7.0/authorization_services/#_service_uma_authorization_process
>>> >
>>> .
>>>
>>> When the user drops from the system before they submit their order (i.e.
>>> the order is incomplete) we want to be able to send them an email with a
>>> link to the user so they’ll be able to get automatically authenticated
>>> and
>>> authorized so they can continue working on this protected resource.
>>>
>>> Does keycloak provide this kind of functionality out of the box?
>>> (i.e. given a link with some sort of long-lived token, get authenticated
>>> with keycloak and redirected to some arbitrary url)
>>> Is there any recommended way to approach this?
>>>
>>> any hints would be greatly appreciated.
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>

More information about the keycloak-user mailing list