[keycloak-dev] Custom Social Login with qr code instead of a link (feature request?)
Stefan Guilhen
sguilhen at redhat.com
Mon Aug 5 08:51:45 EDT 2019
Hi Victor,
If you set your IDP as the default provider for the realm (or use the
kc_idp_hint param in the request) Keycloak will go directly to the auth
page of the IDP, skipping the IDP selection screen and thus not requiring
users to click the IDP button.
Would that cover your use case?
On Mon, Aug 5, 2019, 09:02 kkzxak47 <kkzxak47 at gmail.com> wrote:
> Hi,
> I'm new to keycloak and trying to implement a SSO service.
> I have successfully implemented a 3rd party identity provider and it
> appeared in the "social.providers" list, it's working fine.
> Now I want to take a step further. By clicking the social login button,
> browser will take me to another IdP's login page which is a qr code. I want
> to skip this "click" step and show that qr code directly on the login page
> side by side with the username login form, like this:
> [image: bc818ea6-0100-4b19-ad6b-a42078f6266e.png]
> I achieved it in a hacky way: "click" that button and load that page in
> an iFrame with javascript.
> The rationale is: This is THE login page and we finish login process
> right here, click "Log in" or scan the qr code. Period.
> But this method is not ideal for two reasons,
> First, I can't "click" the button on the page directly because it
> will break username/password login form, that way if I then click "Log in"
> button it will tell me: "Action expired. Please continue with login now."
> So I have to replicate current login page in a new tab (a new tab session)
> and grab the link from there to avoid breaking login form (in javascript).
> Second, this will not work when user inputed wrong
> username/password combination, then the url would change to for example "
>
> https://keycloak.example.com/auth/realms/test/login-actions/authenticate?execution=5c60566c-2855-4f40-a2a9-ef541ffc4f9f&client_id=account&tab_id=EkyV1PLiTcQ
> <
> https://keycloak.xsts.xyz/auth/realms/xs-internal/login-actions/authenticate?execution=5c60566c-2855-4f40-a2a9-ef541ffc4f9f&client_id=account&tab_id=EkyV1PLiTcQ
> >",
> here replicating the page will not give me a new tab session. So I have to
> disable the "click" feature in this page or the username/password form
> would again break:
> [image: 3e27aef4-ab08-4e98-a6ad-06325d9f9de0.png]
> So I was wondering if there is a proper way to achieve this, what is
> your thought. Or in your opinion this is not a good use case at all and I
> should stop right here.
> I read the manual carefully so I felt reluctant to post this question
> here. But I got no response from keycloak-user mailing list in two weeks so
> this is my last resort.
> Thank you for your attention.
>
> Victor Z.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list