[keycloak-dev] Cancel button on login form

[Stian Thorgersen]

----- Original Message -----
> From: ssilvert at redhat.com
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 11 December, 2013 10:08:53 PM
> Subject: Re: [keycloak-dev] Cancel button on login form
> 
> On 12/11/2013 4:01 PM, Bill Burke wrote:
> >
> > On 12/11/2013 2:27 PM, Stian Thorgersen wrote:
> >> I added a cancel button to the login form. It results in a redirect to
> >> "<redirect_uri>?error=access_denied".
> >>
> >> Problem with it is that it doesn't make sense for all applications to have
> >> it. This mainly applies to applications that require a login, for example
> >> the admin console. Question is what do we do for those? Some
> >> alternatives:
> >>
> > This is not a problem IMO.  Let the application decide how it wants to
> > handle a cancel.
> I think there should still be some default behavior.  I'm thinking about
> the case where an application was written without any security in mind.
> You just have this unsecured app that you want to hide behind SSO.  That
> application wouldn't know what to do.

Makes sense, but wouldn't that be handled by the adapter?

> >
> >> * Add an optional query param to login that disables it
> >> (.../tokens/login?nocancel)
> >> * Add a config option to the app that's set through admin console
> >> * Leave it and make the app show a sensible error message - "You're
> >> required to login blah blah, click here to login"
> >>
> > or
> >
> > * redirect to "<redirect_uri>?error=cancelled"
> >
> > or
> >
> > * redirect to "<redirect_uri>?cancelled=true"
> >
> > or from openid connect
> >
> > * redirect to "<redirect_uri>?error=interaction_required"
> >
> > Admin console would see this and just redirect back to the login page.
> >
> >
> >
> 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>