From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com&gt; To: "Stian Thorgersen" <sthorger(a)redhat.com&gt; Sent: Wednesday, 11 June, 2014 1:41:13 PM Subject: Re: [keycloak-user] Multiple Social Providers for Single Account That is totally fine, I'm just hoping I can help you guys somehow, contribute with something too On Wed, Jun 11, 2014 at 9:07 AM, Stian Thorgersen <sthorger(a)redhat.com&gt; wrote: > I'll have a look at it and get back to you. It won't be until beginning of > next week though. > > Rodrigo Sasaki <rodrigopsasaki(a)gmail.com&gt; wrote: > > > We need this feature now, so we're making some alterations to make it work > for us. > > Although we'd like to contribute to the Keycloak project if you feel our > alteration is fitting. We have done some tests, and we changed the > SocialResource class to treat this special flow. > > What we did is add a step to find the user by e-mail, before going into > the block where it creates a new user from scratch. I'm not a security > specialist, that's why I'd like you to take a look at it, because there may > exist security flaws that I'm not aware of, and if we can come up with > something that looks good, we could submit a PR for the project. > > Here's how our code looks now, we built it on top of the beta-2 source: > http://pastebin.com/H9S0fWjH > > I highlighted the part where alterations begin and end. > > I hope we can help each other in this. > > Best regards, > Rodrigo > > > On Tue, Jun 10, 2014 at 8:11 AM, Stian Thorgersen <sthorger(a)redhat.com&gt; > wrote: > >> Currently the only way we support to link multiple accounts is through >> the account managent. There's no automatic linking, so the problem you're >> seeing is at the moment the expected behavior as we only allow one account >> per email. >> >> We would like to improve this flow in the future, and any suggestions on >> how it could/should work would be great. It would most likely not be added >> until after 1.0.final. >> >> Rodrigo Sasaki <rodrigopsasaki(a)gmail.com&gt; wrote: >> >> >> I guess it can wait, it would be good to get this sorted but I know >> you're all very busy. >> >> I'll download the master branch again and see what I can find >> >> >> On Mon, Jun 9, 2014 at 4:13 PM, Bill Burke <bburke(a)redhat.com&gt; wrote: >> >>> Stian wrote this code and is at a face to face meeting this week. Can >>> you wait until next week for an answer? I could look into it, but I'm >>> focused on some caching features and pushing out Beta 3 at the moment. >>> >>> On 6/9/2014 10:43 AM, Rodrigo Sasaki wrote: >>> > I've been trying to work with the Social Providers feature of Keycloak, >>> > but I've had some problems. >>> > >>> > First of all I'm using the beta-2 version, and I created Facebook and >>> > Google links to applications I have there and it worked fine. >>> > >>> > If I create a new user logging in with Facebook it works >>> > If I create a new user logging in with Google it works aswell. >>> > >>> > When I try linking things, that's where things go wrong. >>> > >>> > I have created a new Keycloak user, and accessed: >>> > >>> > *http://localhost:8080/auth/realms/myrealm/account* >>> > >>> > and on that URL I associated my Google and Facebook accounts, when I do >>> > it like that, it all works fine, but when I tried to see if it worked >>> > automatically it all went south. >>> > >>> > I deleted the social links from this account, and then tried to login >>> to >>> > a keycloak secured application via Facebook, and the e-mail of my >>> > Facebook account is the same of the keycloak accunt, which led to an >>> > exception >>> > >>> > /org.keycloak.models.ModelDuplicateException: >>> > javax.persistence.PersistenceException: >>> > org.hibernate.exception.ConstraintViolationException: ERROR: duplicate >>> > key value violates unique constraint "userentity_realm_email_key"/ >>> > >>> > The same happens if I have no account at all, and create one with >>> > Facebook, then try logging in with Google. >>> > >>> > Is there something I'm missing, or is this flow still being worked on? >>> > >>> > I have read this wiki, and I think it's the item 5 that isn't working >>> > correctly >>> > >>> > >>> https://github.com/keycloak/keycloak/wiki/Registration-Authentication-wit... >>> > >>> > >>> > -- >>> > Rodrigo Sasaki >>> > >>> > >>> > _______________________________________________ >>> > keycloak-user mailing list >>> > keycloak-user(a)lists.jboss.org >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > >>> >>> -- >>> Bill Burke >>> JBoss, a division of Red Hat >>> http://bill.burkecentral.com >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >> >> -- >> Rodrigo Sasaki >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki