Re: [keycloak-dev] Automatically login user to application when logged into realm
On 10/22/2013 11:22 AM, Stian Thorgersen wrote:
Let's see if I can manage to explain this properly.
The flow is:
1. Application redirects to '../auth/request/login'
1.1. If user is not logged in to realm display login form
1.2. If application is not a KEYCLOAK_APPLICATION and doesn't already have grants
display oauth grant page
2. If successful redirect to application with authorization code
3. Application retrieves access token from '../access/codes'
With the current flow there is no way for an application to check if a user is already
logged-in to the realm (+ grants given). So the only options would be to either:
I don't get why the application needs to check if the user is already
logged in. Just start the oauth flow by redirecting to the auth-server.
If the user is already logged in, then, keycloak *already* will create
an access code and redirect back to the redirect URL immediately.
I do not think you approach is correct at the moment.. IMO, what you
have to do is create a Javascript Application Adapter that can run in
the browser. It would work exactly like the JBoss Application adapter
except it would run within the browser.
ALl in all, IMO, you're still better off doing this flow on the server
side like the examples do. It is more secure as it doesn't require
public client/application credentials.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com