<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
At this moment, if you have Facebook and Google accounts and both
have the same email address <a class="moz-txt-link-rfc2396E" href="mailto:foo@gmail.com">"foo@gmail.com"</a>, you need to either:<br>
<br>
1) Register the user first with Facebook, which will create a new user
account in Keycloak with email address <a class="moz-txt-link-rfc2396E" href="mailto:foo@gmail.com">"foo@gmail.com"</a>, and this
account will be linked with Facebook. Then you can link this user
with Google in the Account Management UI. In this way, the user with email
<a class="moz-txt-link-rfc2396E" href="mailto:foo@gmail.com">"foo@gmail.com"</a> will be linked to both Facebook and Google, and
from this point he can log in to both.<br>
<br>
2) Manually register a user with email <a class="moz-txt-link-rfc2396E" href="mailto:foo@gmail.com">"foo@gmail.com"</a> and then link
him in Account Management with both Facebook and Google.<br>
<br>
What you can't do ATM is to register a user with Facebook first
(like in the first part of flow 1), then log out and then try to
register him with Google. In this case the user is not yet linked to
Google, but a user account with email address <a class="moz-txt-link-rfc2396E" href="mailto:foo@gmail.com">"foo@gmail.com"</a>
already exists in Keycloak. So that's why it fails, because there
is enforcement of unique email addresses in Keycloak.<br>
<br>
I agree that it would be nice to have support for this flow. I
think when trying to sign in with Google in the case that a user with
this email already exists, Keycloak should display a screen with
some message like: "User with address <a class="moz-txt-link-abbreviated" href="mailto:foo@gmail.com">foo@gmail.com</a> already
exists. Do you want to link your account with this one?". In case
the user chooses "Yes", he will need to log in to Keycloak via
some different form. If the user chooses "No", registration will be
finished as failed. Support for this flow is a bit tricky and IMO
it won't be possible to do it in Keycloak 1.0.Final, but probably
somewhere later. What we can do in 1.0.Final IMO is just do a
small fix in the UI so that there is no exception message like
"ModelDuplicateException" displayed somewhere in the UI, but instead
some more friendly message will be shown, like: "Your email
<a class="moz-txt-link-abbreviated" href="mailto:foo@gmail.com">foo@gmail.com</a> already exists in Keycloak. Login first and then
link your account with this"<br>
<br>
Marek<br>
<br>
<br>
On 9.6.2014 21:28, Rodrigo Sasaki wrote:<br>
</div>
<blockquote
cite="mid:CANLOgwDoPhK3ZtAUHKGwOFKQ=ShhUELoms1ixNMdEWaJUF6DJA@mail.gmail.com"
type="cite">
<div dir="ltr">I guess it can wait, it would be good to get this
sorted but I know you're all very busy.
<div><br>
</div>
<div>I'll download the master branch again and see what I can
find</div>
</div>
<div class="gmail_extra">
<br>
<br>
<div class="gmail_quote">On Mon, Jun 9, 2014 at 4:13 PM, Bill
Burke <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Stian wrote this code and is at a face to face meeting this
week. Can<br>
you wait until next week for an answer? I could look into
it, but I'm<br>
focused on some caching features and pushing out Beta 3 at
the moment.<br>
<div class=""><br>
On 6/9/2014 10:43 AM, Rodrigo Sasaki wrote:<br>
> I've been trying to work with the Social Providers
feature of Keycloak,<br>
> but I've had some problems.<br>
><br>
> First of all I'm using the beta-2 version, and I
created Facebook and<br>
> Google links to applications I have there and it
worked fine.<br>
><br>
> If I create a new user logging in with Facebook it
works<br>
> If I create a new user logging in with Google it
works as well.<br>
><br>
> When I try linking things, that's where things go
wrong.<br>
><br>
> I have created a new Keycloak user, and accessed:<br>
><br>
</div>
> <a moz-do-not-send="true"
href="http://localhost:8080/auth/realms/myrealm/account"
target="_blank">http://localhost:8080/auth/realms/myrealm/account</a><br>
<div class="">><br>
> and on that URL I associated my Google and Facebook
accounts, when I do<br>
> it like that, it all works fine, but when I tried to
see if it worked<br>
> automatically it all went south.<br>
><br>
> I deleted the social links from this account, and
then tried to login to<br>
> a keycloak secured application via Facebook, and the
e-mail of my<br>
> Facebook account is the same as that of the keycloak account,
which led to an<br>
> exception<br>
><br>
</div>
> /org.keycloak.models.ModelDuplicateException:<br>
> javax.persistence.PersistenceException:<br>
> org.hibernate.exception.ConstraintViolationException:
ERROR: duplicate<br>
> key value violates unique constraint
"userentity_realm_email_key"/<br>
<div class="">><br>
> The same happens if I have no account at all, and
create one with<br>
> Facebook, then try logging in with Google.<br>
><br>
> Is there something I'm missing, or is this flow still
being worked on?<br>
><br>
> I have read this wiki, and I think it's the item 5
that isn't working<br>
> correctly<br>
><br>
> <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/wiki/Registration-Authentication-with-social-providers-and-linking-of-social-accounts"
target="_blank">https://github.com/keycloak/keycloak/wiki/Registration-Authentication-with-social-providers-and-linking-of-social-accounts</a><br>
><br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
</div>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a moz-do-not-send="true"
href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</font></span></blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font></div>
</div>
<br>
</blockquote>
<br>
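<div>The flow proposed in the reply above, modelled as an added example that is not part of the original thread and is not Keycloak's code: a social login whose e-mail collides with an existing account is neither rejected with a raw exception nor linked on e-mail alone, and the link completes only after a login to the existing account. Realm, LinkRequired, link() and the sample identities are hypothetical.</div>
<pre>
```python
# Added illustration; Realm, LinkRequired and link() are hypothetical names,
# not Keycloak's API. Sample identities below are constructed.

class LinkRequired(Exception):
    """A local account already owns this e-mail; prove control of it before linking."""
    def __init__(self, email, identity):
        super().__init__("User with address %s already exists" % email)
        self.email = email
        self.identity = identity  # (provider, subject) waiting to be linked


class Realm:
    def __init__(self):
        self.by_email = {}     # email : set of linked (provider, subject) pairs
        self.by_identity = {}  # (provider, subject) : email

    def social_login(self, provider, subject, email):
        """Return the e-mail of the account logged in to, or raise LinkRequired."""
        identity = (provider, subject)
        if identity in self.by_identity:      # already linked: ordinary login
            return self.by_identity[identity]
        if email in self.by_email:            # collision: do not link on e-mail alone
            raise LinkRequired(email, identity)
        self.by_email[email] = {identity}     # first sight of this e-mail: register
        self.by_identity[identity] = email
        return email

    def link(self, session_email, pending):
        """Attach a pending identity to the account the caller is logged in to."""
        if session_email != pending.email:    # logged in to some other account
            return False
        if pending.identity in self.by_identity:
            return False                      # identity already belongs to an account
        self.by_email[session_email].add(pending.identity)
        self.by_identity[pending.identity] = session_email
        return True


def blocked_flow():
    """Facebook first, then Google with the same e-mail, then link after login."""
    realm = Realm()
    realm.social_login("facebook", "fb-1", "foo@gmail.com")
    try:
        realm.social_login("google", "g-1", "foo@gmail.com")
    except LinkRequired as exc:
        pending = exc
    session = realm.social_login("facebook", "fb-1", "foo@gmail.com")  # existing login
    linked = realm.link(session, pending)
    return linked, realm.social_login("google", "g-1", "foo@gmail.com")
```
</pre>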
</body>
</html>