10:49 p.m.
Hello!
We have a product on which we create a protected resource (called orders)
in keycloak and we secure access to it by using a UMA as described by uma
authorization process
<https://www.keycloak.org/docs/7.0/authorization_services/#_service_uma_au...
.
When the user drops from the system before they submit their order (i.e.
the order is incomplete) we want to be able to send them an email with a
link to the user so they’ll be able to get automatically authenticated and
authorized so they can continue working on this protected resource.
Does keycloak provide this kind of functionality out of the box?
(i.e. given a link with some sort of long-lived token, get authenticated
with keycloak and redirected to some arbitrary url)
Is there any recommended way to approach this?
any hints would be greatly appreciated.
7:47 a.m.
Hi,
When the user "drops" from the system you mean a logout (ending the user
session in Keycloak) ?
On Thu, Nov 14, 2019 at 1:53 AM Fernando Mayoral <
fernando.mayoral(a)practiv.com> wrote:
Hello!
We have a product on which we create a protected resource (called orders)
in keycloak and we secure access to it by using a UMA as described by uma
authorization process
<
https://www.keycloak.org/docs/7.0/authorization_services/#_service_uma_au...
>
.
When the user drops from the system before they submit their order (i.e.
the order is incomplete) we want to be able to send them an email with a
link to the user so they’ll be able to get automatically authenticated and
authorized so they can continue working on this protected resource.
Does keycloak provide this kind of functionality out of the box?
(i.e. given a link with some sort of long-lived token, get authenticated
with keycloak and redirected to some arbitrary url)
Is there any recommended way to approach this?
any hints would be greatly appreciated.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:36 p.m.
Yes, they leave the application and their keycloak session expires.
So then we want to send them a link for them to get a new session with
their user and get redirected to the order they didn't complete.
For example, a product is a bank account application:
They start filling the forms and early on they are asked for email.
But they never finish and submit the form, or maybe they leave the tab open
and forget so the session expires, so we send them an email to remind them
with a link to get authenticated and redirected back to an arbitrary url.
On Fri, Nov 15, 2019 at 2:47 AM Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hi,
When the user "drops" from the system you mean a logout (ending the user
session in Keycloak) ?
On Thu, Nov 14, 2019 at 1:53 AM Fernando Mayoral <
fernando.mayoral(a)practiv.com> wrote:
> Hello!
>
> We have a product on which we create a protected resource (called orders)
> in keycloak and we secure access to it by using a UMA as described by uma
> authorization process
> <
>
https://www.keycloak.org/docs/7.0/authorization_services/#_service_uma_au...
> >
> .
>
> When the user drops from the system before they submit their order (i.e.
> the order is incomplete) we want to be able to send them an email with a
> link to the user so they’ll be able to get automatically authenticated and
> authorized so they can continue working on this protected resource.
>
> Does keycloak provide this kind of functionality out of the box?
> (i.e. given a link with some sort of long-lived token, get authenticated
> with keycloak and redirected to some arbitrary url)
> Is there any recommended way to approach this?
>
> any hints would be greatly appreciated.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
6:44 a.m.
What type of application we are talking about? A single monolithic or
separated apps for frontend and backend ? Asking because you could just
resume the workflow after the user authenticate again and is redirected
back to your app ...
AFAIK, there is nothing you could use OOTB but maybe implementing some
custom authenticator. Even with a custom authenticator, the fact that you
are automatically re-authenticating the user based on some form of code
sent to an email may be risky ...
On Thu, Nov 14, 2019 at 6:37 PM Fernando Mayoral <
fernando.mayoral(a)practiv.com> wrote:
Yes, they leave the application and their keycloak session expires.
So then we want to send them a link for them to get a new session with
their user and get redirected to the order they didn't complete.
For example, a product is a bank account application:
They start filling the forms and early on they are asked for email.
But they never finish and submit the form, or maybe they leave the tab
open and forget so the session expires, so we send them an email to remind
them with a link to get authenticated and redirected back to an arbitrary
url.
On Fri, Nov 15, 2019 at 2:47 AM Pedro Igor Silva <psilva(a)redhat.com>
wrote:
> Hi,
>
> When the user "drops" from the system you mean a logout (ending the user
> session in Keycloak) ?
>
> On Thu, Nov 14, 2019 at 1:53 AM Fernando Mayoral <
> fernando.mayoral(a)practiv.com> wrote:
>
>> Hello!
>>
>> We have a product on which we create a protected resource (called orders)
>> in keycloak and we secure access to it by using a UMA as described by uma
>> authorization process
>> <
>>
https://www.keycloak.org/docs/7.0/authorization_services/#_service_uma_au...
>> >
>> .
>>
>> When the user drops from the system before they submit their order (i.e.
>> the order is incomplete) we want to be able to send them an email with a
>> link to the user so they’ll be able to get automatically authenticated
>> and
>> authorized so they can continue working on this protected resource.
>>
>> Does keycloak provide this kind of functionality out of the box?
>> (i.e. given a link with some sort of long-lived token, get authenticated
>> with keycloak and redirected to some arbitrary url)
>> Is there any recommended way to approach this?
>>
>> any hints would be greatly appreciated.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
1887
days inactive
1888
days old
3 comments
2 participants
participants (2)
-
Fernando Mayoral -
Pedro Igor Silva