[keycloak-user] One click social-account linking widgets on website autheticated by Keycloak JS adapter

Marek Posolda mposolda at redhat.com
Mon Aug 1 13:00:14 EDT 2016 

I think that in the future, we plan to rewrite AccountService to use 
angular + REST endpoints. That way, the applications will have an easier 
possibility to invoke REST endpoints, which are currently available just 
to AccountService (ie. linking social account).

For now,I can see the solution can be either:
- Implement your own REST endpoint with logic similar to 
AccountService.processFederatedIdentityUpdate . The endpoint will be 
triggered when you click on the "link social" button in your app.
- Implement the logic in first-broker-login flow as you pointed. Maybe 
it's so easy like just adding CookieAuthenticator to the 
first-broker-flow ? As then if user is already authenticated (which is 
determined based on SSO cookie) the flow will be finished with success 
and user will be later just linked with the social account.

Not sure which possibility is better, depends on the usecase probably.

Marek


On 27/07/16 12:56, Vlastimil Elias wrote:
> Thanks, but which URL should I use, with which parameters? I think
> createLoginUrl() creates URL which is internally used in login() and I
> tried this, but problem is on keycloak server side flow. It asks me to
> login using github, but after this it does not link this github account
> with already logged in Keycloak user, but performs common social login flow.
>
> Maybe I should somehow change "First Broker Login" flow to detect that
> user is logged in already and perform link. But I'm curious if Keycloak
> supports this case OOTB as I think it should be relatively common
> requirement.
>
> Vl.
>
> On 27.7.2016 11:34, Bruno Oliveira wrote:
>> Hi Vlastimil,
>>
>> I can be wrong, but I believe you have to call createLoginUrl[1].
>>
>> [1] - https://github.com/keycloak/keycloak/blob/5c98b8c6ae7052b2d906156d8fc212ccd9dfd57d/examples/broker/twitter-authentication/src/main/webapp/js/app.js#L39-L51
>>
>> On 2016-07-22, Vlastimil Elias wrote:
>>> Hi,
>>>
>>> we have a requirement to implement 'One click social-account linking
>>> widgets' on website autheticated by Keycloak JS adapter. To achieve this a
>>> button would be placed on the website with the following flow:
>>>
>>> 1. User logs into the website (keycloak JS adapter)
>>> 2. User browser to a part of the site requiring social account linking
>>>      (site checks linking status of current user for given social login
>>>      provider based on info in token - we wrote our mapper for this)
>>> 3. User clicks on a button to link the required social account with his
>>>      Keycloak account
>>> 4. User is directed through the linking process (which is similar as
>>>      Social Link action in Account app)
>>> 5. User is returned to original page on successful account linking
>>>      (token in js client must be refreshed to contain actual info about
>>>      social links).
>>>
>>> Is there any way how to achieve this? I tried to call JS client login method
>>> with idpHint when user is logged in (keycloak.login({"idpHint":"github"})),
>>> but it doesn't work as expected.
>>>
>>> Thanks a lot in advance
>>>
>>> Vlastimil
>>>
>>> --
>>> Vlastimil Elias
>>> Principal Software Engineer
>>> Red Hat Developer | Engineering
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> --
>>
>> abstractj
>> PGP: 0x84DC9914

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160801/fc9d1fd6/attachment.html

More information about the keycloak-user mailing list