[keycloak-dev] Cancel button options for clients

Stian Thorgersen stian at redhat.com
Thu Sep 3 10:00:00 EDT 2015



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 3 September, 2015 3:55:32 PM
> Subject: Re: [keycloak-dev] Cancel button options for clients
> 
> Should cancel on the required action do the same thing?  What do other
> sites do when cancel is executed?

Had a look around and actually I had a hard time finding a site that had a cancel or back to application at all.

I don't think we should have a cancel on required action. A required action is something that the user has to perform to continue, so it makes no sense to let them cancel it.

However, the admin initiated actions (admin sends email with reset password) should ideally have a "Back to login" or something like that.

> 
> On 9/3/2015 8:52 AM, Stian Thorgersen wrote:
> > +1 That's simpler and cleaner. If anyone complains it's gone we'll just
> > tell them how to add a back to app link to the template. If we get a lot
> > of people demanding it then we can introduce the option I proposed.
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 3 September, 2015 2:36:18 PM
> >> Subject: Re: [keycloak-dev] Cancel button options for clients
> >>
> >> Maybe just remove cancel entirely for username/password page?  Keep the
> >> cancel button for OTP and other screens that are deeper in the flow.  If
> >> cancel is selected there, then just reset the flow and start login over.
> >>    Developers can decide to put in their own "back to application"
> >> buttons or menus by changing the template file.
> >>
> >>
> >> On 9/3/2015 3:04 AM, Stian Thorgersen wrote:
> >>> Currently the cancel button always redirects to the redirect_uri with
> >>> error=access_denied. This is fine if the application wants to handle the
> >>> rejected login. However, it does require the application to add
> >>> logic/error handling to display a suitable error message to the user
> >>> instead of just a generic 400 error page.
> >>>
> >>> I propose we add a configuration option to clients for how the cancel
> >>> button is handled. Options would be:
> >>>
> >>> * None - don't display cancel button, this is useful when login is
> >>> mandatory (for example our admin console)
> >>> * Error redirect - redirect to redirect_uri with error=access_denied
> >>> * Return to app - redirect to base_url of client (if this is set base_url
> >>> would be required)
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>
> >>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >>
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
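
The application-side handling that the thread says the "error redirect" behaviour requires, as an added example that is not part of the original messages or Keycloak's own code: a callback handler that turns error=access_denied into a "login cancelled" page instead of a generic 400. The function name, the login_path parameter and the sample URLs are hypothetical; the state check and the list of error codes follow the standard OAuth 2.0 authorization response (RFC 6749, section 4.1.2.1) and are not discussed on this page.

```python
import hmac
from html import escape
from urllib.parse import urlsplit, parse_qs

# Error codes defined for the authorization response in RFC 6749, section 4.1.2.1.
KNOWN_ERRORS = {"invalid_request", "unauthorized_client", "access_denied",
                "unsupported_response_type", "invalid_scope",
                "server_error", "temporarily_unavailable"}


def handle_callback(callback_url, expected_state, login_path="/login"):
    """Return (http_status, html_body, authorization_code_or_None)."""
    params = parse_qs(urlsplit(callback_url).query)
    # Reject repeated parameters instead of silently picking one of them.
    if any(len(values) != 1 for values in params.values()):
        return 400, "<p>Malformed login response.</p>", None
    q = {name: values[0] for name, values in params.items()}

    # state ties the response to this browser session; check it first,
    # in constant time, for success and error responses alike.
    got_state = q.get("state", "").encode()
    if not hmac.compare_digest(got_state, expected_state.encode()):
        return 400, "<p>Login response did not match this session.</p>", None

    error = q.get("error")
    if error == "access_denied":
        # The user pressed cancel: answer 200 with a way back to the login
        # page rather than a generic 400 error page.
        link = escape(login_path, quote=True)
        body = f'<p>Login was cancelled.</p><a href="{link}">Log in again</a>'
        return 200, body, None
    if error is not None:
        # Echo only codes from the fixed set; the raw value is untrusted input.
        code = error if error in KNOWN_ERRORS else "unknown_error"
        return 400, f"<p>Login failed ({escape(code)}).</p>", None
    if "code" not in q:
        return 400, "<p>Malformed login response.</p>", None
    return 200, "<p>Login successful.</p>", q["code"]
```
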

