Hi great Keycloak dev team,

during implementation of https://issues.jboss.org/browse/KEYCLOAK-1074 I found few things which should be improved in area of registration over Social Login providers.
I'd like to discuss them here before creating JIRAs. I believe I should implement these changes if you will be interested.

1. It is not possible to disable registration over Social provider
======================================
Once provider is created then it is always possible to register over it, even if "User registration" is disabled in realm "Login Settings". I think it should be possible to disable social registrations and allow only to link social logins to existing accounts (eg. loaded from other system).

Marek Posolda pointed me to https://issues.jboss.org/browse/KEYCLOAK-1036 which is rejected without any comment. I understand that this global setting is probably not a good solution, so my proposal is to add independent "User registration" switch into configuration of each Identity provider, so admin will get fine grained control.

2. Username from Social provider is used as Keycloak username during registration
===================================================
This can lead to the situation that user registering eg. over Twitter will not be able to register as other user eg. from Facebook will use same username there and occupy it in Keycloak as first.
My proposal is to extend configuration of each Identity provider by new option "Username type" which will be select from these options:
So let me know what you think about my proposals, can I implement them?

Cheers

Vlastimil

-- 
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team