
<div dir="ltr">+1 Sounds like a very good idea!<div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 19, 2016 at 3:01 PM, Stian Thorgersen <span dir="ltr">&lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">We could add a client_id param to the emails. Then if it all fails we can use the clients base url.</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 15 January 2016 at 21:28, Travis De Silva <span dir="ltr">&lt;<a href="mailto:traviskds@gmail.com" target="_blank">traviskds@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">irrespective of the theme, how would you provide a link to the user to redirect back to the application that they initiated the request in the first place.<div><br></div><div>For example, they click on the forgot password link or the register new user link.</div><div><br></div><div>KeyCloak sends them an email with a link. But they don&#39;t click it for awhile and then when they click it, it has expired. So we should be able to display an expired message and redirect them back to the login page. How can we handle this?</div><div><br></div><div><br></div></div><div><div><br><div class="gmail_quote"><div dir="ltr">On Sat, 16 Jan 2016 at 07:23 Bill Burke &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
  <div bgcolor="#FFFFFF" text="#000000">

    NO, you can&#39;t.  This would create an open redirect probably and the

    themes are supposed to be completely independent of the protocol.</div><div bgcolor="#FFFFFF" text="#000000"><br>

    <br>

    <div>On 1/15/2016 3:06 PM, Travis De Silva

      wrote:<br>

    </div>

    <blockquote type="cite">

      <div dir="ltr">I can understand that. But without the client ID,

        we cannot redirect them back to the login screen. 

        <div><br>

        </div>

        <div>Is there anyway where the redirect url can be sent as a

          query string together with the code. That way, we can then

          pick the redirect url from the query string and redirect the

          user back to the appropriate login screen.</div>

        <div><br>

        </div>

      </div>

      <br>

      <div class="gmail_quote">

        <div dir="ltr">On Thu, 14 Jan 2016 at 18:56 Stian Thorgersen

          &lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;

          wrote:<br>

        </div>

        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

          <div dir="ltr">Once the client session is removed (it&#39;s

            deleted at some point after the login has timed out) the

            client id is no longer available. We have to delete this

            session at some point as otherwise we&#39;d be left with garbage

            from abandoned logins</div>

          <div class="gmail_extra"><br>

          </div>

          <div class="gmail_extra">

            <div class="gmail_quote">On 13 January 2016 at 21:27, Travis

              De Silva <span dir="ltr">&lt;<a href="mailto:traviskds@gmail.com" target="_blank">traviskds@gmail.com</a>&gt;</span>

              wrote:<br>

            </div>

          </div>

          <div class="gmail_extra">

            <div class="gmail_quote">

              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                <div dir="ltr">Hi,

                  <div><br>

                  </div>

                  <div>For theming the login for different clients

                    within a realm, we are conditionally checking for

                    the client ID in the freemarker templates and then

                    accordingly including sub freemarker templates. This

                    is working perfectly but the issue is for certain

                    errors, such as &quot;You took too long to login. Login

                    process starting from beginning.&quot;, the clientid

                    becomes null ( (sometimes).</div>

                  <div><br>

                  </div>

                  <div>Is there anything I can do from the freemarker

                    template to identify the client id so I can then

                    accordingly handle these errors?</div>

                  <div><br>

                  </div>

                  <div>Cheers</div>

                  <div>Travis</div>

                  <div><br>

                  </div>

                  <div><br>

                  </div>

                  <div><br>

                  </div>

                  <div>

                    <p><span>clientId=null</span></p>

                  </div>

                </div>

                <br>

              </blockquote>

            </div>

          </div>

          <div class="gmail_extra">

            <div class="gmail_quote">

              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>

                keycloak-user mailing list<br>

                <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

                <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>

              </blockquote>

            </div>

            <br>

          </div>

        </blockquote>

      </div>

      <br>

      <fieldset></fieldset>

      <br>

      <pre>_______________________________________________

keycloak-user mailing list

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

    </blockquote>

    <br>

    </div><div bgcolor="#FFFFFF" text="#000000"><pre cols="72">-- 

Bill Burke

JBoss, a division of Red Hat

<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>

  </div>


_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div>

</div></div><br>_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>

</div></div><br>_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br>

</div></div>