Hi,

At this moment, if you have Facebook and Google accounts and both have the same email address "foo@gmail.com", you need to either:

1) Register the user first with Facebook, which will create a new user account in Keycloak with the email address "foo@gmail.com", and this account will be linked with Facebook. Then you can link this user with Google in the Account Management UI. In this way, the user with email "foo@gmail.com" will be linked to both Facebook and Google, and from this point he can log in to both.

2) Manually register a user with email "foo@gmail.com" and then link him in Account Management with both Facebook and Google.

What you can't do ATM is register a user with Facebook first (as in the first part of flow 1), then log out and then try to register him with Google. In this case the user is not yet linked to Google, but a user account with email address "foo@gmail.com" already exists in Keycloak. So that's why it fails, because there is enforcement of unique email addresses in Keycloak.

I agree that it would be nice to have support for this flow. I think that when trying to sign in with Google when a user with this email already exists, Keycloak should display a screen with a message like: "User with address foo@gmail.com already exists. Do you want to link your account with this one?". If the user chooses "Yes", he will need to log in to Keycloak via some different form. If the user chooses "No", registration will be finished as failed. Support for this flow is a bit tricky and IMO it won't be possible to do it in Keycloak 1.0.Final, but probably sometime later. What we can do in 1.0.Final IMO is just a small fix in the UI so that no exception message like "ModelDuplicateException" is displayed anywhere in the UI, and instead a more friendly message is shown, like: "Your email foo@gmail.com already exists in Keycloak. Login first and then link your account with this"

Marek
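
The linking flow proposed in the message above, modelled as an added example (not part of the original e-mail and not Keycloak code; the class, its methods and the in-memory maps are all hypothetical):

```java
import java.util.*;

// Hypothetical in-memory model of the proposed flow; none of this is Keycloak API.
public class SocialLinkFlow {
    enum Outcome { LOGGED_IN, REGISTERED, LINK_NEEDS_LOGIN, LINKED, FAILED }

    private final Set<String> emails = new HashSet<>();               // unique per realm
    private final Map<String, String> emailByLink = new HashMap<>();  // "provider:id" -> email

    // Flow 2 from the message: an account registered manually, with no social links yet.
    void registerLocal(String email) { emails.add(email); }

    // First step of a social login. A matching email alone never links or logs in.
    Outcome socialLogin(String provider, String socialId, String email) {
        String link = provider + ":" + socialId;
        if (emailByLink.containsKey(link)) return Outcome.LOGGED_IN;
        if (emails.contains(email)) return Outcome.LINK_NEEDS_LOGIN;  // friendly prompt, not ModelDuplicateException
        emails.add(email);
        emailByLink.put(link, email);
        return Outcome.REGISTERED;
    }

    // Answer to "Do you want to link your account with this one?".
    // authenticatedEmail is the account the user logged in to by another form, or null.
    Outcome confirmLink(String provider, String socialId, String email,
                        boolean saidYes, String authenticatedEmail) {
        if (!saidYes || !email.equals(authenticatedEmail) || !emails.contains(email)) return Outcome.FAILED;
        emailByLink.put(provider + ":" + socialId, email);
        return Outcome.LINKED;
    }

    public static void main(String[] args) {
        SocialLinkFlow realm = new SocialLinkFlow();
        String mail = "foo@gmail.com";                                // constructed sample data
        System.out.println(realm.socialLogin("facebook", "fb-1", mail));
        System.out.println(realm.socialLogin("google", "g-1", mail));
        System.out.println(realm.confirmLink("google", "g-1", mail, false, null));
        System.out.println(realm.confirmLink("google", "g-1", mail, true, null));
        System.out.println(realm.confirmLink("google", "g-1", mail, true, mail));
        System.out.println(realm.socialLogin("google", "g-1", mail));
    }
}
```

Requiring a login to the existing account before the link is stored means that a provider account which merely reports the same email address cannot attach itself to that account.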


On 9.6.2014 21:28, Rodrigo Sasaki wrote:
I guess it can wait, it would be good to get this sorted but I know you're all very busy.

I'll download the master branch again and see what I can find


On Mon, Jun 9, 2014 at 4:13 PM, Bill Burke <bburke@redhat.com> wrote:
Stian wrote this code and is at a face to face meeting this week.  Can
you wait until next week for an answer?  I could look into it, but I'm
focused on some caching features and pushing out Beta 3 at the moment.

On 6/9/2014 10:43 AM, Rodrigo Sasaki wrote:
> I've been trying to work with the Social Providers feature of Keycloak,
> but I've had some problems.
>
> First of all I'm using the beta-2 version, and I created Facebook and
> Google links to applications I have there and it worked fine.
>
> If I create a new user logging in with Facebook it works
> If I create a new user logging in with Google it works as well.
>
> When I try linking things, that's where things go wrong.
>
> I have created a new Keycloak user, and accessed:
>
> *http://localhost:8080/auth/realms/myrealm/account*
>
> and on that URL I associated my Google and Facebook accounts, when I do
> it like that, it all works fine, but when I tried to see if it worked
> automatically it all went south.
>
> I deleted the social links from this account, and then tried to login to
> a Keycloak secured application via Facebook, and the e-mail of my
> Facebook account is the same as that of the Keycloak account, which led to an
> exception
>
> /org.keycloak.models.ModelDuplicateException:
> javax.persistence.PersistenceException:
> org.hibernate.exception.ConstraintViolationException: ERROR: duplicate
> key value violates unique constraint "userentity_realm_email_key"/
>
> The same happens if I have no account at all, and create one with
> Facebook, then try logging in with Google.
>
> Is there something I'm missing, or is this flow still being worked on?
>
> I have read this wiki, and I think it's the item 5 that isn't working
> correctly
>
> https://github.com/keycloak/keycloak/wiki/Registration-Authentication-with-social-providers-and-linking-of-social-accounts
>
>
> --
> Rodrigo Sasaki
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com



--
Rodrigo Sasaki

