<div dir="ltr">-1 There's no need to send the base-url that can be retrieved from the client as long as the client uuid is available</div><div class="gmail_extra"><br><div class="gmail_quote">On 20 January 2016 at 10:26, Travis De Silva <span dir="ltr"><<a href="mailto:traviskds@gmail.com" target="_blank">traviskds@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I am wondering if we should send the client base url as that is what would be required to redirect the user back to the application when the client session is invalidated. Have a look at my comments to Thomas in this Jira <a href="https://issues.jboss.org/browse/KEYCLOAK-2359" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-2359</a><div><br></div></div><div class="HOEnZb"><div class="h5"><br><div class="gmail_quote"><div dir="ltr">On Wed, 20 Jan 2016 at 19:18 Stian Thorgersen <<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I was thinking about this some more last night and maybe we should add the client uuid to the ClientSessionCode that way it'll always be available even if the client session is invalidated. It would make the links long though, which I don't like.</div><div class="gmail_extra"><br><div class="gmail_quote">On 19 January 2016 at 21:05, Travis De Silva <span dir="ltr"><<a href="mailto:traviskds@gmail.com" target="_blank">traviskds@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Created Jira <a href="https://issues.jboss.org/browse/KEYCLOAK-2359" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-2359</a><div><br></div><div>1.9 would be fantastic :) Thanks a lot. Will resolve a big usability issue for us.</div><div><br></div></div><div><div><br><div class="gmail_quote"><div dir="ltr">On Wed, 20 Jan 2016 at 06:46 Stian Thorgersen <<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">IMO this is a usability issue that we should fix for 1.9, so you can create a JIRA. I can't guarantee that'll it be done for 1.9 though and may be pushed.</div><div class="gmail_extra"><br><div class="gmail_quote">On 19 January 2016 at 20:15, Travis De Silva <span dir="ltr"><<a href="mailto:traviskds@gmail.com" target="_blank">traviskds@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">+1 for adding client_id param to the emails. This is an important requirement especially for consumer web applications as once we get a user, we don't want to lose that user from getting back to the site.<br><div><br></div><div>Shall I create a Jira request for this? </div><div><br></div></div><div><div><br><div class="gmail_quote"><div dir="ltr">On Wed, 20 Jan 2016 at 01:56 Stian Thorgersen <<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Cookie is not always going to work for emails though as the link may be opened in a new browser session (or a different browser)</div><div class="gmail_extra"><br><div class="gmail_quote">On 19 January 2016 at 15:40, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
We already set up a cookie for client session timeouts to hold
information that can reconstruct the session. Not sure if we do it
for reset credentials though.<div><div><br>
<br>
<div>On 1/19/2016 8:04 AM, Thomas Raehalme
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">+1 Sounds like a very good idea!
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Jan 19, 2016 at 3:01 PM,
Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank"></a><a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">We could add a client_id param to the
emails. Then if it all fails we can use the clients base
url.</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 15 January 2016 at
21:28, Travis De Silva <span dir="ltr"><<a href="mailto:traviskds@gmail.com" target="_blank"></a><a href="mailto:traviskds@gmail.com" target="_blank">traviskds@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">irrespective of the theme, how
would you provide a link to the user to
redirect back to the application that they
initiated the request in the first place.
<div><br>
</div>
<div>For example, they click on the forgot
password link or the register new user link.</div>
<div><br>
</div>
<div>KeyCloak sends them an email with a link.
But they don't click it for awhile and then
when they click it, it has expired. So we
should be able to display an expired message
and redirect them back to the login page.
How can we handle this?</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div>
<div><br>
<div class="gmail_quote">
<div dir="ltr">On Sat, 16 Jan 2016 at
07:23 Bill Burke <<a href="mailto:bburke@redhat.com" target="_blank"></a><a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
NO, you can't. This would create an
open redirect probably and the themes
are supposed to be completely
independent of the protocol.</div>
<div bgcolor="#FFFFFF" text="#000000"><br>
<br>
<div>On 1/15/2016 3:06 PM, Travis De
Silva wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I can understand
that. But without the client ID,
we cannot redirect them back to
the login screen.
<div><br>
</div>
<div>Is there anyway where the
redirect url can be sent as a
query string together with the
code. That way, we can then pick
the redirect url from the query
string and redirect the user
back to the appropriate login
screen.</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Thu, 14 Jan 2016
at 18:56 Stian Thorgersen <<a href="mailto:sthorger@redhat.com" target="_blank"></a><a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Once the client
session is removed (it's
deleted at some point after
the login has timed out) the
client id is no longer
available. We have to delete
this session at some point as
otherwise we'd be left with
garbage from abandoned logins</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On 13
January 2016 at 21:27,
Travis De Silva <span dir="ltr"><<a href="mailto:traviskds@gmail.com" target="_blank"></a><a href="mailto:traviskds@gmail.com" target="_blank">traviskds@gmail.com</a>></span>
wrote:<br>
</div>
</div>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi,
<div><br>
</div>
<div>For theming the
login for different
clients within a
realm, we are
conditionally checking
for the client ID in
the freemarker
templates and then
accordingly including
sub freemarker
templates. This is
working perfectly but
the issue is for
certain errors, such
as "You took too long
to login. Login
process starting from
beginning.", the
clientid becomes null
( (sometimes).</div>
<div><br>
</div>
<div>Is there anything I
can do from the
freemarker template to
identify the client id
so I can then
accordingly handle
these errors?</div>
<div><br>
</div>
<div>Cheers</div>
<div>Travis</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<p><span>clientId=null</span></p>
</div>
</div>
<br>
</blockquote>
</div>
</div>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
<div bgcolor="#FFFFFF" text="#000000">
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</div></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div>
</div></div></blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>