Thanks Stian for getting my point.
Here is a screencast of how Google works for me: https://dl.dropboxusercontent.com/u/40512422/devel/keycloak/google-login-back-button.mov
Let me describe these things from a real “end user” perspective.
If I’m trying to feel like a real “end user”, the only thing that the Login Server is responsible for is to provide me a way (registration or login) to give me access to, let’s call it, “secured content”.
I don’t care about login server. I care about the secured content.
If I’m successfully logged in and an SSO session exists, I should not see any “no longer valid” message because it’s not true. I’m logged in so everything is OK and I didn’t make any mistake. I successfully logged in and should get the “secured content”.
If the login server gives me “page is no longer valid”, it brings to my mind something like “I was logged out” or “I did something wrong” or “I need to do something again, like log in again”.
Thanks,
Libor Krzyžanek
Principal Software Engineer
Red Hat Developers | Engineering
I agree it should either show a page is no longer valid message or redirect back to origin as you're suggesting. The latter is the best, but we need to be able to identify that's actually what should be done. I tried with Google and it actually didn't work for me, it showed me the password page again.