----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 3 September, 2015 3:55:32 PM
Subject: Re: [keycloak-dev] Cancel button options for clients
Should cancel on the required action to the same thing? What do other
sites do when cancel is executed?
Had a look around and actually I had a hard time finding a site that had a cancel or back
to application at all.
I don't think we should have a cancel on required action. A required action is
something that the user has to perform to continue, so it makes no sense to let them
cancel it.
However, the admin initiated actions (admin sends email with reset password) should
ideally have a "Back to login" or something like that
On 9/3/2015 8:52 AM, Stian Thorgersen wrote:
> +1 That's simpler and cleaner. If anyone complains it's gone we'll just
> tell them how to add a back to app link to the template. If we get a lot
> of people demanding it then we can introduce the option I proposed.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Thursday, 3 September, 2015 2:36:18 PM
>> Subject: Re: [keycloak-dev] Cancel button options for clients
>>
>> Maybe just remove cancel entirely for username/password page? Keep the
>> cancel button for OTP and other screens that are deeper in the flow. If
>> cancel is selected there, then just reset the flow and start login over.
>> Developers can decide to put in their own "back to application"
>> buttons or menus by changing the template file.
>>
>>
>> On 9/3/2015 3:04 AM, Stian Thorgersen wrote:
>>> Currently the cancel button always redirects to the redirect_uri with
>>> error=access_denied. This is fine if the application wants to handle the
>>> rejected login. However, it does require the application to add
>>> logic/error handling to display a suitable error message to the user
>>> instead of just a generic 400 error page.
>>>
>>> I propose we add a configuration option to clients for how the cancel
>>> button is handled. Options would be:
>>>
>>> * None - don't display cancel button, this is useful when login is
>>> mandatory (for example our admin console)
>>> * Error redirect - redirect to redirect_uri with error=access_denied
>>> * Return to app - redirect to base_url of client (if this is set base_url
>>> would be required)
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>>
http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com