7:14 a.m.
----- Original Message -----
From: "Stian Thorgersen" <stian(a)redhat.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>
Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
Sent: Tuesday, January 6, 2015 9:53:56 AM
Subject: Re: [keycloak-dev] Email constraint violation when updating profile
This is a corner case and we can safely ignore it until someone complains
about it. There are also already ways to work around it:
1) User logs into account console, removes the social/broker link, logs in to
the other account and adds the social link
2) User talks to admin, admin deletes one account (or removes social/broker
link), then user can link to existing account
When we implemented linking of accounts in the first place me and Marek
discussed this issue over and over. Whichever solution we came up with had
issues, both technical and usability issues. So end of the day we decided
that as there's a work around to it, and that it won't be a very common
problem, we could safely ignore it.
Not sure if you can safely ignore it. Users will get an ugly error on their browser,
instead of a proper error message. If you just check for a duplicate email in
org.keycloak.services.resources.LoginActionsService#updateProfile, that would be enough to
avoid the error. And this is should be very simple.
With regards to the proposed solution, that was one we visited, but it has
several issues. Creating the user after doesn't work as we need to have
somewhere to store the information and it would also add more complexity to
required actions. Also, it doesn't work if update profile is not required on
first login or if email is not required. In either of those cases you end up
with at some point in the future the user may try to update the account with
their email and get the same problem.
Not really, the validation above should be enough.
Still not convinced :) I understand the technical blockers, but they should not be
blockers to offer a better usability.
From a business perspective, the workflow is wrong. You can not store
the user before getting the input from the user when update profile is enabled. That is
what you see around the web and what KC does partially.
----- Original Message -----
> From: "Pedro Igor Silva" <psilva(a)redhat.com>
> To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
> Sent: Tuesday, 6 January, 2015 12:33:30 PM
> Subject: [keycloak-dev] Email constraint violation when updating profile
>
> Hi,
>
> Would like to know your thoughts on KEYCLOAK-924 [1].
>
> Looks like there is an issue with the "Update Profile" workflow that
> also
> impacts social authentication and account linking.
>
> Regards.
> Pedro Igor
>
> [1] https://issues.jboss.org/browse/KEYCLOAK-924
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>