On 28.10.2015 21:32, Bill Burke wrote:
> If a user has loads of social networks and links a bunch of them, if
> *any one* of them is compromised the entire account is compromised.
> Most sites using social login, the only reason is there is a login is
> for the appliation to collect marketing data. So, the default behavior
> should make things as simple as possible for the user.
>
> At a minimum, by default, the user should not be required to link an
> account if there is a conflicting duplicate email given by the provider.
> I have found
develoeprs.redhat.com very difficult to use.
yep, it is difficult to use because it have to follow company's policy
with unique emails and Keycloak do not provide necessary support for
simple and user friendly account linking currently ;-)
Yeah, its not your fault. Its ours.
--
Bill Burke
JBoss, a division of Red Hat