On 12/12/2013 3:46 AM, Stian Thorgersen wrote:
----- Original Message -----
> From: ssilvert(a)redhat.com
> To: keycloak-dev(a)lists.jboss.org
> Sent: Wednesday, 11 December, 2013 10:08:53 PM
> Subject: Re: [keycloak-dev] Cancel button on login form
>
> On 12/11/2013 4:01 PM, Bill Burke wrote:
>> On 12/11/2013 2:27 PM, Stian Thorgersen wrote:
>>> I added a cancel button to the login form. It results in a redirect to
>>> "<redirect_uri>?error=access_denied".
>>>
>>> Problem with it is that it doesn't make sense for all applications to have
>>> it. This mainly applies to applications that require a login, for example
>>> the admin console. Question is what do we do for those? Some
>>> alternatives:
>>>
>> This is not a problem IMO. Let the application decide how it wants to
>> handle a cancel.
> I think there should still be some default behavior. I'm thinking about
> the case where an application was written without any security in mind.
> You just have this unsecured app that you want to hide behind SSO. That
> application wouldn't know what to do.
Makes sense, but wouldn't that be handled by the adapter?

Yes, I think that's where default behavior would probably live.
>>> * Add an optional query param to login that disables it
>>> (.../tokens/login?nocancel)
>>> * Add a config option to the app that's set through admin console
>>> * Leave it and make the app show a sensible error message - "You're
>>> required to login blah blah, click here to login"
>>>
>> or
>>
>> * redirect to "<redirect_uri>?error=cancelled"
>>
>> or
>>
>> * redirect to "<redirect_uri>?cancelled=true"
>>
>> or from openid connect
>>
>> * redirect to "<redirect_uri>?error=interaction_required"
>>
>> Admin console would see this and just redirect back to the login page.
>>
>>
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev