Re: [keycloak-dev] Automatically login user to application when logged into realm

To retrieve an access code an application is required to redirect the user to the login page. If the user is already logged-in to the realm the user is just redirected back to the application. If the user is not already logged-in the login form is displayed. This means that if an application tries to automatically login users when they open the application it will require the user to fill in the login form if the user is not logged in. What's needed is a way for the application to find out if the user is already logged in to the realm. If it is the user can be automatically logged-in. This is what I achieved by adding the 'noforms' query parameter to the 'auth/request/login'. This mechanism would be especially convenient for HTML5 applications as it would allow users to be "re-loggedin" without having to store authorization tokens (or even worse refresh tokens) on the client side. On a page refresh you'd simply just call the "can I get an access code without user input" endpoint to retrieve one. ----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Tuesday, 22 October, 2013 3:05:25 PM > Subject: Re: [keycloak-dev] Automatically login user to application when logged into realm > > I don't know what you mean. Single sign on is the first thing that was > implemented for Keycloak and should work. What you describe should > *already* exist in the codebase. > > On 10/22/2013 9:11 AM, Stian Thorgersen wrote: >> Currently there's no mechanism for an application to automatically login a >> user that is already logged in to the realm. >> >> I've added a proposal to https://github.com/stianst/keycloak/tree/auto-sso. >> It's a simple approach where all it does is to add an optional 'noforms' >> query parameter to 'auth/request/login'. If noforms is specified a code is >> returned only if the user is already logged in to the realm + grants are >> already given (as grants are not saved currently that will never be the >> case). Otherwise it will return error=access_denied. >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >