One additional thought. Maybe we could add a field to authenticators to say if they support back, cancel or nothing. Then the flow would allow going back if the previous supports back. It would allow cancel if all support it, or nothing if one says nothing.

On 20 Jan 2016 19:48, "Stian Thorgersen" <sthorger@redhat.com> wrote:
Firstly, let's drop KEYCLOAK-2325 from 1.8 and see if we can fix it for 1.9.

Secondly, the back button should not navigate backwards in the flow. Also, the refresh button should just redisplay the page as it does now (ignoring the post). A couple ideas to improve things though:

1) Set cache-control to "Cache-Control: no-store, must-revalidate, max-age=0". This should force a reload of the page when the user clicks the back button.
2) Can we add a back link to some steps in the flow?
3) Can we add a cancel link to some steps in the flow?
4) If a user clicks the back button in the browser, depending on where we are in the flow, I think we should either take the user back to the first step (cancel), go back one step or just reshow the same page.

By setting the cache as I suggested in 1 I actually think the browser will just complain when you navigate back to a page that does a post.

On 20 January 2016 at 16:43, Bill Burke <bburke@redhat.com> wrote:
Seems jboss.org guys don't like that the browser backbutton doesn't
work. The question is, do we want to rework the auth spi to allow for
backbutton?  I'm not sure it's even feasible or not.
https://issues.jboss.org/browse/KEYCLOAK-2325

REFRESH BUTTON
* Refresh button will repost form data to the URL that is contained in
the browser url window.
* In Keycloak 1.6, I added redirects after successful actions.  The
redirect would redirect you off of the last URL.  This helped a lot with
refresh button as form data wasn't posted to old form URLs.
* In Keycloak 1.8 I removed the redirects because jboss.org complained
about the performance of the extra redirects.  To allow refresh button
to work, keycloak would just ignore posts to old form urls and just
display the current state of the flow.

BACK BUTTON
* Adding support for the back button would require Keycloak to unwind
actions that have already been successful.  This probably requires a
callback method on the auth spi to do this.
* Since there are no more redirects, another problem is that keycloak
would not be able to distinguish between a page refresh button and a
backbutton/form resubmit.

Is this something we can put off until 2.0?  I currently don't know how
to solve all three issues with the current design: refresh button, back
button, and performance.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
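
A minimal model of the 1.8 behaviour described in the thread (posts to old form URLs are ignored and the current state of the flow is redisplayed), with the Cache-Control value from suggestion 1 set on every response. This is an added example, not part of the original messages and not Keycloak code; the `Flow` class, the step names and the URL layout are assumptions.

```python
# Added illustration: a toy login flow, not Keycloak code. All names are hypothetical.
from dataclasses import dataclass, field

NO_STORE = "no-store, must-revalidate, max-age=0"  # header value quoted in the thread


@dataclass
class Flow:
    steps: list                      # ordered step names, e.g. ["password", "otp"]
    current: int = 0                 # index of the step the user must complete next
    actions_run: list = field(default_factory=list)  # record of executed actions

    def form_url(self, index=None):
        # Each step's form posts to its own URL, so an old page posts to an old URL.
        i = self.current if index is None else index
        return f"/login/{self.steps[i]}"

    def render(self):
        # Every page is sent with no-store so the browser does not reuse a cached form.
        done = self.current >= len(self.steps)
        body = "authenticated" if done else f"form:{self.steps[self.current]}"
        return {"status": 200, "Cache-Control": NO_STORE, "body": body}

    def post(self, url, valid=True):
        # A POST is processed only when it targets the current step's URL.
        # A refresh and a back-button resubmit both arrive as a POST to an
        # earlier URL and cannot be told apart here; either way the post is
        # ignored and the current state is shown, so no completed action re-runs.
        if self.current < len(self.steps) and url == self.form_url():
            if valid:
                self.actions_run.append(self.steps[self.current])
                self.current += 1
        return self.render()


if __name__ == "__main__":
    flow = Flow(["password", "otp"])
    print(flow.post("/login/password"))   # advances to the otp form
    print(flow.post("/login/password"))   # stale resubmit: otp form shown again
    print(flow.actions_run)
```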
