Hi,

At this moment, if you have a Facebook and a Google account and both have
the same email address "foo(a)gmail.com", you need to either:

1) Register the user first with Facebook, which will create a new user
account in Keycloak with email address "foo(a)gmail.com", and this account
will be linked with Facebook. Then you can link this user with Google in
the Account Management UI. In this way, the user with email
"foo(a)gmail.com" will be linked to both Facebook and Google, and from this
point he can log in to both.

2) Manually register the user with email "foo(a)gmail.com" and then link
him in Account Management with both Facebook and Google.

What you can't do ATM is to register the user with Facebook first (like in
the first part of flow 1), then log out and then try to register him with
Google. In this case the user is not yet linked to Google, but a user
account with email address "foo(a)gmail.com" already exists in Keycloak. So
that's why it fails, because there is enforcement of unique email
addresses in Keycloak.

I agree that it would be nice to have support for this flow. I think that
when trying to sign in with Google in the case that a user with this email
already exists, Keycloak should display a screen with some message like:
"User with address foo(a)gmail.com already exists. Do you want to link
your account with this one?". In case the user chooses "Yes", he will
need to log in to Keycloak via some different form. If the user chooses
"No", registration will be finished as failed. Support for this flow is a
bit tricky and IMO it won't be possible to do it in Keycloak 1.0.Final, but
probably somewhere later. What we can do in 1.0.Final IMO is just do a
small fix in the UI so that there is no exception message like
"ModelDuplicateException" displayed somewhere in the UI, but instead some
more friendly message will be shown like: "Your email foo(a)gmail.com
already exists in Keycloak. Login first and then link your account with
this"

Marek
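
The resolution order described in the message above, as an added example that is not part of the original thread and is not Keycloak code. It is a small in-memory model; `Realm`, `social_login`, `DuplicateEmail` and the outcome strings are hypothetical names, and the point is that a social identity is attached to an existing email only after the owner has logged in to that account some other way.

```python
from dataclasses import dataclass, field

class DuplicateEmail(Exception):
    """Stand-in for the unique-email constraint behind ModelDuplicateException."""

@dataclass
class User:
    email: str
    links: dict = field(default_factory=dict)  # provider name -> provider user id

class Realm:
    """Hypothetical in-memory realm; not Keycloak's data model."""
    def __init__(self):
        self.by_email = {}

    def register(self, email):
        if email in self.by_email:          # email must be unique per realm
            raise DuplicateEmail(email)
        self.by_email[email] = User(email)
        return self.by_email[email]

    def find_by_link(self, provider, subject):
        for user in self.by_email.values():
            if user.links.get(provider) == subject:
                return user
        return None

def social_login(realm, provider, subject, email, authenticated_as=None):
    """Resolve a social login to (outcome, user) without blind registration."""
    user = realm.find_by_link(provider, subject)
    if user is not None:                    # already linked: plain login
        return "LOGGED_IN", user
    existing = realm.by_email.get(email)
    if existing is None:                    # first contact: register and link
        user = realm.register(email)
        user.links[provider] = subject
        return "REGISTERED", user
    if authenticated_as is existing:        # owner logged in by another form
        existing.links[provider] = subject
        return "LINKED", existing
    # Email is taken and the caller has not proven ownership of that account:
    # show a friendly message instead of surfacing DuplicateEmail.
    return "LOGIN_REQUIRED_TO_LINK", None
```

Calling `realm.register()` a second time with the same email reproduces the failure from the original report; `social_login()` returns `LOGIN_REQUIRED_TO_LINK` in that situation and leaves the existing account's links untouched.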

On 9.6.2014 21:28, Rodrigo Sasaki wrote:
I guess it can wait, it would be good to get this sorted but I know
you're all very busy.
I'll download the master branch again and see what I can find

On Mon, Jun 9, 2014 at 4:13 PM, Bill Burke <bburke(a)redhat.com> wrote:
Stian wrote this code and is at a face to face meeting this week. Can
you wait until next week for an answer? I could look into it, but I'm
focused on some caching features and pushing out Beta 3 at the moment.

On 6/9/2014 10:43 AM, Rodrigo Sasaki wrote:
> I've been trying to work with the Social Providers feature of Keycloak,
> but I've had some problems.
>
> First of all I'm using the beta-2 version, and I created Facebook and
> Google links to applications I have there and it worked fine.
>
> If I create a new user logging in with Facebook it works
> If I create a new user logging in with Google it works as well.
>
> When I try linking things, that's where things go wrong.
>
> I have created a new Keycloak user, and accessed:
>
> *http://localhost:8080/auth/realms/myrealm/account*
>
> and on that URL I associated my Google and Facebook accounts, when I do
> it like that, it all works fine, but when I tried to see if it worked
> automatically it all went south.
>
> I deleted the social links from this account, and then tried to login to
> a keycloak secured application via Facebook, and the e-mail of my
> Facebook account is the same of the keycloak account, which led to an
> exception
>
> /org.keycloak.models.ModelDuplicateException:
> javax.persistence.PersistenceException:
> org.hibernate.exception.ConstraintViolationException: ERROR: duplicate
> key value violates unique constraint "userentity_realm_email_key"/
>
> The same happens if I have no account at all, and create one with
> Facebook, then try logging in with Google.
>
> Is there something I'm missing, or is this flow still being worked on?
>
> I have read this wiki, and I think it's the item 5 that isn't working
> correctly
>
> https://github.com/keycloak/keycloak/wiki/Registration-Authentication-wit...
>
> --
> Rodrigo Sasaki
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
--
Rodrigo Sasaki