[keycloak-dev] Cancel button on login form

ssilvert at redhat.com ssilvert at redhat.com
Thu Dec 12 08:57:27 EST 2013


On 12/12/2013 3:46 AM, Stian Thorgersen wrote:
> ----- Original Message -----
>> From: ssilvert at redhat.com
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 11 December, 2013 10:08:53 PM
>> Subject: Re: [keycloak-dev] Cancel button on login form
>>
>> On 12/11/2013 4:01 PM, Bill Burke wrote:
>>> On 12/11/2013 2:27 PM, Stian Thorgersen wrote:
>>>> I added a cancel button to the login form. It results in a redirect to
>>>> "<redirect_uri>?error=access_denied".
>>>>
>>>> Problem with it is that it doesn't make sense for all applications to have
>>>> it. This mainly applies to applications that require a login, for example
>>>> the admin console. Question is what do we do for those? Some
>>>> alternatives:
>>>>
>>> This is not a problem IMO.  Let the application decide how it wants to
>>> handle a cancel.
>> I think there should still be some default behavior.  I'm thinking about
>> the case where an application was written without any security in mind.
>> You just have this unsecured app that you want to hide behind SSO.  That
>> application wouldn't know what to do.
> Makes sense, but wouldn't that be handled by the adapter?
Yes, I think that's where default behavior would probably live.
>
>>>> * Add an optional query param to login that disables it
>>>> (.../tokens/login?nocancel)
>>>> * Add a config option to the app that's set through admin console
>>>> * Leave it and make the app show a sensible error message - "You're
>>>> required to login blah blah, click here to login"
>>>>
>>> or
>>>
>>> * redirect to "<redirect_uri>?error=cancelled"
>>>
>>> or
>>>
>>> * redirect to "<redirect_uri>?cancelled=true"
>>>
>>> or from openid connect
>>>
>>> * redirect to "<redirect_uri>?error=interaction_required"
>>>
>>> Admin console would see this and just redirect back to the login page.
>>>
>>>
>>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>



More information about the keycloak-dev mailing list