Here is the PR for just KEYCLOAK-1927:
https://github.com/keycloak/keycloak/pull/1689
Von: Stian Thorgersen [mailto:sthorger@redhat.com]
Gesendet: Donnerstag, 8. Oktober 2015 19:25
An: Sebastian Rose
Cc: keycloak-dev(a)lists.jboss.org
Betreff: Re: [keycloak-dev] Direct link to registration/forgot-credentials
I'm happy with adding the forgot-credentials link, but not 100% sure about what's
the correct approach. Can you prepare a separate PR for just KEYCLOAK-1927 so we can
review it?
We can add it as an option to the js-console, but I don't want to add
forgotCredentials and createForgotCredentialsUrl, nor do I want to add it to the
js-console. Basically I don't really want to advocate this approach.
On 8 October 2015 at 19:14, Sebastian Rose
<sebastian.rose@aoe.com<mailto:sebastian.rose@aoe.com>> wrote:
Hi all,
i have a requirement to provide an external link for register account and
forgot-credentials.
I learned from KEYCLOAK-1904 that using .../openid-connect/registrations?client_id=....
instead auf /openid-connect/auth?client_id=... works for the register account part.
KEYCLOAK-1904 brought this to the js-adapter and provided it as an example to js-console.
While testing that KEYCLOAK-1910 was created due to a problem with the
bean-initialization.
For having the same with forgot-credentials i added simmilar code to make
.../openid-connect/forgot-credentials?client_id=... work. This change is described in
KEYCLOAK-1927.
My first approach was not considering the Authorization SPI (thanks Stian). Second
approach uses the class AuthenticationProcessor which is already used for
.../openid-connect/auth to make KEYCLOAK-1910 and KEYCLOAK-1927 work. I am not sure if i
understood completely and any hint/help is appreciated. With some manual tests it worked
fine (please see
https://github.com/keycloak/keycloak/pull/1686)
Please let me know what you think:
1) .../openid-connect/forgot-credentials is something you can live with/find it usefull
2) Is using class AuthenticationProcessor the correct approach . Anything there to
consider after the call of .authenticate? There is a lot more code in place for the
auth-case, which deals with variants. They don't seem to be useful for the two other
cases.
3) I would like to add .../openid-connect/forgot-credentials to the js-adapter and
js-console as well.
Best Regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev