[keycloak-dev] Improvements of registration over Social Login providers

Vlastimil Elias velias at redhat.com
Wed Mar 11 05:45:06 EDT 2015 

Hi great Keycloak dev team,

during implementation of https://issues.jboss.org/browse/KEYCLOAK-1074 I 
found few things which should be improved in area of registration over 
Social Login providers.
I'd like to discuss them here before creating JIRAs. I believe I should 
implement these changes if you will be interested.

1. It is not possible to disable registration over Social provider
======================================
Once provider is created then it is always possible to register over it, 
even if "User registration" is disabled in realm "Login Settings". I 
think it should be possible to disable social registrations and allow 
only to link social logins to existing accounts (eg. loaded from other 
system).

Marek Posolda pointed me to 
https://issues.jboss.org/browse/KEYCLOAK-1036 which is rejected without 
any comment. I understand that this global setting is probably not a 
good solution, so my proposal is to add independent "User registration" 
switch into configuration of each Identity provider, so admin will get 
fine grained control.

2. Username from Social provider is used as Keycloak username during 
registration
===================================================
This can lead to the situation that user registering eg. over Twitter 
will not be able to register as other user eg. from Facebook will use 
same username there and occupy it in Keycloak as first.
My proposal is to extend configuration of each Identity provider by new 
option "Username type" which will be select from these options:

  * provided username exact - works as now, username is got from
    provider, user can't register if occupied in KC already
  * provided username unique - KC will take username from provider, if
    occupied then it adds some random number to it to create unique
    username and allow user to register
  * provided email - this is related to KEYCLOAK-1074, I need this
    option for my project. I know that email is not provided by some
    providers (eg Twitter) so I can't use them until  KEYCLOAK-1053 is
    resolved somehow

So let me know what you think about my proposals, can I implement them?

Cheers

Vlastimil

-- 
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150311/6df72870/attachment.html

More information about the keycloak-dev mailing list