[keycloak-dev] Application Initiated Action

Stian Thorgersen sthorger at redhat.com
Fri Jun 28 02:12:45 EDT 2019


Required actions should run as soon as possible. As such required actions
should execute prior to an AIA. We should probably consider checking what
required actions have executed though to make sure that a single action is
not triggered multiple times. So if an AIA is the same action as a required
action that has already been done, then perhaps it should be skipped as it
has already been done?

On Thu, 27 Jun 2019 at 22:30, Stan Silvert <ssilvert at redhat.com> wrote:

> An AIA is initiated with an auth request.  So before the AIA runs, any
> required actions set by the admin will run.
>
> Is that OK or should we skip any other required action?
>
> I think it definitely makes sense if you are logging in to do the AIA.
> For instance, admin wants user to update his profile.  User does an AIA
> for change password, but he is not logged in.
> 0) User is presented with login screen and logs in.
> 1) User is presented with "update profile" screen.
> 2) User is presented with "change password screen.
> 3) User is redirected back to his app.
>
> User does an AIA for change password, but he is already logged in.:
> 1) User is presented with "update profile" screen.
> 2) User is presented with "change password screen.
> 3) User is redirected back to his app.
>
> Is that OK, or should step 1 be skipped in the second scenario?
>
>
> On 5/6/2019 2:50 AM, Stian Thorgersen wrote:
> > Last chance to comment on Application Initiated Action design:
> >
> > https://github.com/keycloak/keycloak-community/pull/7
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


More information about the keycloak-dev mailing list