[keycloak-dev] browser backbutton
Stian Thorgersen
sthorger at redhat.com
Wed Jan 20 13:48:12 EST 2016
Firstly, let's drop KEYCLOAK-2325 from 1.8 and see if we can fix it for 1.9.
Secondly, the back button should not navigate backwards in the flow. Also,
the refresh button should just redisplay the page as it does now (ignoring
the post). A couple ideas to improve things though:
1) Set cache-control to "Cache-Control: no-store, must-revalidate,
max-age=0". This should force a reload of the page when the user clicks the
back button
2) Can we add a back link to some steps in the flow?
3) Can we add a cancel link to some steps in the flow?
4) If a user clicks the back button in the browser depending on where we
are in the flow I think we should either take the user back to the first
step (cancel), go back one step or just reshow the same page
By setting the cache as I suggested in 1 I actually think the browser will
just complain when you navigate back to a page that does a post.
On 20 January 2016 at 16:43, Bill Burke <bburke at redhat.com> wrote:
> Seems jboss.org guys don't like that the browser backbutton doesn't
> work. The question is, do we want to rework the auth spi to allow for
> backbutton? I'm not sure its even feasible or not.
> https://issues.jboss.org/browse/KEYCLOAK-2325
>
> REFRESH BUTTON
> * Refresh button will repost form data to the URL that is contained in
> the browser url window.
> * In Keycloak 1.6, I added redirects after successful actions. The
> redirect would redirect you off of the last URL. This helped a lot with
> refresh button as form data wasn't posted to old form URLs.
> * In Keycloak 1.8 I removed the redirects because jboss.org complained
> about the performance of the extra redirects. To allow refresh button
> to work, keycloak would just ignore posts to old form urls and just
> display the current state of the flow.
>
> BACK BUTTON
> * Adding support for the back button would require Keycloak to unwind
> actions that have already been successful. This probably requires a
> callback method on the auth spi to do this.
> * Since there are no more redirects, another problem is that keycloak
> would not be able to distinguish between a page refresh button and a
> backbutton/form resubmit.
>
> Is this something we can put off until 2.0? I currently don't know how
> to solve all three issues with the current design: refresh button, back
> button, and performance.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160120/534fc763/attachment.html
More information about the keycloak-dev
mailing list