[keycloak-dev] Ok to have no direct links to...

Stian Thorgersen stian at redhat.com
Wed Oct 1 02:59:02 EDT 2014


I agree that a non-webview approach may have benefits. However, there's a lot of functionality that would have to be reproduced for all platforms. Alternatively, we could support a limited set of functionality without a webview, and if anything else is required use a webview, or even pop up the browser.

On Android, Google uses a webview if you have Google Authenticator enabled.

For a complete experience the following is currently required:

* Login (username/password)
  - Social logins (configurable through realm)
  - Recover password link
  - Registration link
  - Remember me option
* Multi-factor authenticating (soon we'll support pluggable auth mechanisms)
* Registration page (fields will be configurable in the future)
* Required actions (update profile, reset password, verify email, configure totp)

Then there's also single-sign on/out to consider.

All of the above can be done in a native way already by just doing the same HTTP posts as the login forms does. However, even a basic login would be tricky to do due to multi-factor authentication.

----- Original Message -----
> From: "Bruno Oliveira" <bruno at abstractj.org>
> To: "Summers Pittman" <supittma at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 1 October, 2014 1:06:13 AM
> Subject: Re: [keycloak-dev] Ok to have no direct links to...
> 
> Back from vacations, I think would be nice if it doesn't exist already
> endpoints like Corinne mentioned.
> 
> Webviews from the security side of the things are a bad idea for mobile apps.
> I wouldn't like
> to use that if possible.
> 
> On 2014-09-30, Summers Pittman wrote:
> > On 9/30/2014 9:31 AM, Bill Burke wrote:
> > >
> > > On 9/30/2014 9:28 AM, Corinne Krych wrote:
> > >> On 26 Sep 2014, at 17:27, Bill Burke <bburke at redhat.com> wrote:
> > >>
> > >>> I need some input.
> > >>>
> > >>> It is ok for, registration page and social link buttons to only be
> > >>> linkable from within a Keycloak login page?
> > >>>
> > >> When you say keyclaok login page, does it have to ba web-based page?
> > >>
> > >> What about mobile native app?
> > >> It would be nice to have the option for an iOS mobile app to add
> > >> “MykeycloakServername login” customizable button from the native app
> > >> sdk.
> > >> Like google+plus btutton for example:
> > >> https://developers.google.com/+/mobile/ios/sign-in
> > >>
> > > Somebody on the Aerogear project implemented something like this for
> > > Android.  They may be doing the same for iOS too.
> > I have no plans on doing things for iOS. The Android Authenticator just
> > displays a webview of the login page and detects when then "code"
> > parameter is in the response URI.
> > >
> > > Bill
> > >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
> --
> 
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list