----- Original Message -----
From: ssilvert(a)redhat.com
To: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 11 December, 2013 10:08:53 PM
Subject: Re: [keycloak-dev] Cancel button on login form

On 12/11/2013 4:01 PM, Bill Burke wrote:
>
> On 12/11/2013 2:27 PM, Stian Thorgersen wrote:
>> I added a cancel button to the login form. It results in a redirect to
>> "<redirect_uri>?error=access_denied".
>>
>> Problem with it is that it doesn't make sense for all applications to have
>> it. This mainly applies to applications that require a login, for example
>> the admin console. Question is what do we do for those? Some
>> alternatives:
>>
> This is not a problem IMO. Let the application decide how it wants to
> handle a cancel.

I think there should still be some default behavior. I'm thinking about
the case where an application was written without any security in mind.
You just have this unsecured app that you want to hide behind SSO. That
application wouldn't know what to do.

Makes sense, but wouldn't that be handled by the adapter?
>
>> * Add an optional query param to login that disables it
>> (.../tokens/login?nocancel)
>> * Add a config option to the app that's set through admin console
>> * Leave it and make the app show a sensible error message - "You're
>> required to login blah blah, click here to login"
>>
> or
>
> * redirect to "<redirect_uri>?error=cancelled"
>
> or
>
> * redirect to "<redirect_uri>?cancelled=true"
>
> or from OpenID Connect
>
> * redirect to "<redirect_uri>?error=interaction_required"
>
> Admin console would see this and just redirect back to the login page.
>
>
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
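
Added example, not part of the thread and not Keycloak or adapter code: one way an application could handle the cancel redirect discussed above, covering both the "login required" case (the admin console sending the user back to the login page) and the optional-login case. The names handleAuthRedirect, MAX_LOGIN_RETRIES and the returned action strings are hypothetical, and it assumes the server echoes the request's state parameter on error redirects, as OAuth 2.0 specifies.

```javascript
// Hypothetical redirect_uri handler (added example; all names are assumptions).
// It decides what the application does with the authorization response.
const MAX_LOGIN_RETRIES = 2; // assumed cap so "redirect back to login" cannot loop forever

function handleAuthRedirect(callbackUrl, session, loginRequired) {
  const params = new URL(callbackUrl).searchParams;

  // Ignore any response that does not carry the state this session sent,
  // so a forged link cannot drive the app into a login or error flow.
  if (!session.state || params.get('state') !== session.state) {
    return { action: 'reject', reason: 'state_mismatch' };
  }

  const error = params.get('error');
  if (error === null) {
    const code = params.get('code');
    if (!code) return { action: 'reject', reason: 'missing_code' };
    session.loginRetries = 0;
    return { action: 'exchange_code', code };
  }

  // Cancel values proposed in the thread that exist as standard error codes.
  const cancelled = error === 'access_denied' || error === 'interaction_required';
  if (!cancelled) {
    // Return a fixed reason; never echo the raw query value into the page.
    return { action: 'show_error', reason: 'unexpected_error' };
  }

  // Application that works without a login: carry on unauthenticated.
  if (!loginRequired) return { action: 'continue_anonymous' };

  // Application that requires a login: send the user back to the login page,
  // but fall back to a static "login required" page after repeated cancels.
  session.loginRetries = (session.loginRetries || 0) + 1;
  if (session.loginRetries > MAX_LOGIN_RETRIES) {
    return { action: 'show_login_required_page' };
  }
  return { action: 'redirect_to_login' };
}
```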