[keycloak-dev] Application Initiated Action

Stan Silvert ssilvert at redhat.com
Fri Jun 28 07:14:48 EDT 2019 

On 6/28/2019 2:12 AM, Stian Thorgersen wrote:
> Required actions should run as soon as possible. As such required 
> actions should execute prior to an AIA. We should probably consider 
> checking what required actions have executed though to make sure that 
> a single action is not triggered multiple times. So if an AIA is the 
> same action as a required action that has already been done, then 
> perhaps it should be skipped as it has already been done?
It looks like the logic must already be there to avoid duplicates. I 
haven't found where in the code this happens, but it seems to be working 
properly by default.

>
> On Thu, 27 Jun 2019 at 22:30, Stan Silvert <ssilvert at redhat.com 
> <mailto:ssilvert at redhat.com>> wrote:
>
>     An AIA is initiated with an auth request.  So before the AIA runs,
>     any
>     required actions set by the admin will run.
>
>     Is that OK or should we skip any other required action?
>
>     I think it definitely makes sense if you are logging in to do the
>     AIA.
>     For instance, admin wants user to update his profile.  User does
>     an AIA
>     for change password, but he is not logged in.
>     0) User is presented with login screen and logs in.
>     1) User is presented with "update profile" screen.
>     2) User is presented with "change password screen.
>     3) User is redirected back to his app.
>
>     User does an AIA for change password, but he is already logged in.:
>     1) User is presented with "update profile" screen.
>     2) User is presented with "change password screen.
>     3) User is redirected back to his app.
>
>     Is that OK, or should step 1 be skipped in the second scenario?
>
>
>     On 5/6/2019 2:50 AM, Stian Thorgersen wrote:
>     > Last chance to comment on Application Initiated Action design:
>     >
>     > https://github.com/keycloak/keycloak-community/pull/7
>     > _______________________________________________
>     > keycloak-dev mailing list
>     > keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list