Re: [keycloak-dev] social login and remember me

Services usually don’t have a “Remember Me” for social logins. Thus, I don’t recall a pattern for this. Here is a proposal for where it could be located. We can improve it as the product develops. What do you think? Gabriel On Feb 24, 2014, at 12:43 PM, Stian Thorgersen <stian(a)redhat.com <mailto:stian@redhat.com>> wrote: > > > ----- Original Message ----- >> From: "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com>> >> To: "Stian Thorgersen" <stian(a)redhat.com <mailto:stian@redhat.com>>, >> "Gabriel Cardoso" <gcardoso(a)redhat.com <mailto:gcardoso@redhat.com>> >> Cc: keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org> >> Sent: Monday, 24 February, 2014 3:28:40 PM >> Subject: Re: [keycloak-dev] social login and remember me >> >> >> >> On 2/24/2014 9:22 AM, Stian Thorgersen wrote: >>> Added Gabriel to see if he has a good idea >>> >>> With the current L&F I can only think of two solutions (neither of >>> which I >>> particularly like): >>> >>> 1. Have it under username/password - probably means no-one is going to >>> associate it with a social login >>> 2. Have on under username/password and one under all social logins - I >>> think this will look weird, and not convinced people will associate it >>> with a particular login >>> >> >> Above is why I started this email in the first place :( There is no good >> option with the current L&F. >> >>> Is there a way we can not require this for social logins? Social >>> networks >>> would already provide this mechanism so if we can somehow integrate with >>> that, we wouldn't need it. One idea would be to set a cookie when a user >>> has used a social login, then test if they are still logged in with that >>> automatically. >>> >> >> Without "Remember me" the user would have to still be redirected to >> Keycloak login page and click "Google" or whatever. > > Not necessarily. I was thinking something along the lines of: > > * In social callback we set a cookie to remember user last logged in > with 'Google' > * On next login we check if this cookie is set, if it's set we > automatically redirect to login on 'Google' with 'prompt=none' > * If we get a code from Google, user is logged in and we can redirect > with code. If we get an error, then we display login form > > Probably to complex, and probably won't work with all providers (as > they may not provide prompt=none option). Just thinking out of the box ;) > >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com <http://bill.burkecentral.com/> --- Gabriel Cardoso User Experience Designer @ Red Hat