[keycloak-user] Link to Account Page
Stian Thorgersen
stian at redhat.com
Thu Oct 9 04:45:35 EDT 2014
You can link to the account page with the following link:
https://<KEYCLOAK SERVER>/auth/realms/<REALM NAME>/account
You can also have an option to get a link back to your application by adding either referrer or referrer_uri query param:
* referrer - your applications id (this requires "Default Redirect URL" to be set for your application)
* referrer_uri - the uri to return to (this requires referrer_uri to be a valid redirect uri for your application)
We do this in the admin console, so you can look at how it works there. Login to the admin console, click on your username in the top-right corner, and click on 'Manage account'. In the account management there's now in the top-right corner 'Back to security-admin-console'. If you try edit the url to remove '?referrer=security-admin-console' you'll see this link is no longer there.
I've got no idea what validation you're talking about that that checks the referrer is the same as the server. Maybe it's the fact that for an update (post) we only allow a post originating from the Keycloak server? That doesn't stop you from linking to the account page, but it stops you from posting to it.
----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 8 October, 2014 11:29:17 PM
> Subject: [keycloak-user] Link to Account Page
>
> Hello,
>
> I am trying to create a link on our application to go directly to Keycloak's
> Account Page, so the user can alter his information, but it doesn't work.
>
> I saw that there is a validation that assures that the referrer is the same
> as the server, for example: I can only access the account app inside my
> localhost:8080 if the referrer is also in localhost:8080.
>
> Is it supposed to be like this? Is there a way for me to create a hyperlink
> from my application directly to Keycloak's Account Page? Given that my own
> application is secured by Keycloak, I think it should be possible.
>
> Is this the correct behavior?
>
> Thanks again!
>
> --
> Rodrigo Sasaki
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list