Hi,
At this moment, if you have a Facebook and a Google account and both
have the same email address "foo@gmail.com", you need to either:
1) Register the user first with Facebook, which will create a new user
account in Keycloak with email address "foo@gmail.com", and this
account will be linked with Facebook. Then you can link this user
with Google in the Account Management UI. In this way, the user with
email "foo@gmail.com" will be linked to both Facebook and Google and
from this point he can log in to both.
2) Manually register a user with email "foo@gmail.com" and then link
him in Account Management with both Facebook and Google.
What you can't do ATM is to register the user with Facebook first
(like in the first part of flow 1), then log out and then try to
register him with Google. In this case the user is not yet linked to
Google, but a user account with email address "foo@gmail.com"
already exists in Keycloak. So that's why it fails, because there
is enforcement of unique email addresses in Keycloak.
I agree that it would be nice to have support for this flow. I
think when trying to sign in with Google in the case that a user with
this email already exists, Keycloak should display a screen with
some message like: "User with address foo@gmail.com already
exists. Do you want to link your account with this one?". In case
the user chooses "Yes", he will need to log in to Keycloak via
some different form. If the user chooses "No", registration will be
finished as failed. Support for this flow is a bit tricky and IMO
it won't be possible to do it in Keycloak 1.0.Final, but probably
somewhere later. What we can do in 1.0.Final IMO is just do a
small fix in the UI so that there is no exception message like
"ModelDuplicateException" displayed somewhere in the UI, but instead
some more friendly message will be shown like: "Your email
foo@gmail.com already exists in Keycloak. Login first and then
link your account with this".
Marek
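Added example, not part of the message above and not Keycloak code: a small model of the flows described, where an unauthenticated social login whose email already exists is neither auto-linked nor registered as a duplicate, but sent to log in first. The Realm class, the outcome strings and the provider user ids are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    email: str
    links: dict = field(default_factory=dict)  # provider name -> provider user id

class Realm:
    """Toy user store with unique emails (hypothetical, not Keycloak's model)."""

    def __init__(self):
        self.users = {}  # email -> User

    def find_by_link(self, provider, subject):
        for user in self.users.values():
            if user.links.get(provider) == subject:
                return user
        return None

    def social_login(self, provider, subject, email, session_user=None):
        """Decide what to do with an identity asserted by a social provider."""
        linked = self.find_by_link(provider, subject)
        if linked is not None:
            return "login", linked            # identity already linked
        if session_user is not None:
            # Account Management case: the user is already authenticated,
            # so the new identity is attached to that session's account.
            session_user.links[provider] = subject
            return "linked", session_user
        if email in self.users:
            # Email is taken and nobody is logged in. A matching email from the
            # provider is not proof of owning the local account, so do not link
            # and do not create a duplicate: ask the user to log in first.
            return "login_required_to_link", None
        user = User(email, {provider: subject})
        self.users[email] = user
        return "registered", user

def demo():
    realm = Realm()
    email = "foo@gmail.com"                   # address used in the message
    first = realm.social_login("facebook", "fb-123", email)   # constructed ids
    blocked = realm.social_login("google", "g-456", email)
    linked = realm.social_login("google", "g-456", email, session_user=first[1])
    again = realm.social_login("google", "g-456", email)
    return [first[0], blocked[0], linked[0], again[0]], first[1].links
```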
On 9.6.2014 21:28, Rodrigo Sasaki wrote: