Keycloak / KEYCLOAK-9520

Support for easy re-login with different parameters in java adapters

Details

    • Feature Request
    • Status: Closed
    • Major
    • Resolution: Out of Date
    • 4.8.3.Final
    • None
    • Adapter - JEE
    • None

    Description

      Currently the Java adapters have a way to "customize" the login request sent to the OIDC authentication endpoint. This is possible through "Parameters forwarding", which adds things like a custom "scope", "prompt", etc. However, parameter forwarding cannot be used if the user is already authenticated. Hence things like "Incremental scope" are not easily possible now.

      It would be nice to have an easy way in the Java adapter to re-trigger redirection to the OIDC authentication endpoint when the user is already authenticated. This would support things like Incremental scope, Incremental authentication and many other use cases.

      A possible API, as it would look in a user's application that wants to re-trigger login (bypass SSO) and add an additional scope to the current scope (Incremental scope use case):

      KeycloakLoginRedirect loginRedirect = KeycloakLoginRedirectBuilder        
              .scope(currentAccessToken.getScope() + " phone")
              .prompt("login")
              .build();
      
      // This ensures that the adapter does everything necessary (e.g. generates and saves "state")
      getKeycloakSecurityContext().sendRedirectToLogin(loginRedirect);
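
What such a redirect has to do on the wire, as an added example that is not part of the original ticket and not Keycloak adapter code: it merges the extra scope into the current one, generates a fresh "state", builds the authorization request with prompt=login, and checks the state on the callback. The class name, client id and URLs are constructed placeholders, and only JDK classes are used.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class ReLoginRedirect {
    // Union of already-granted and newly requested scopes, without duplicates.
    static String mergeScopes(String current, String... extra) {
        Set<String> s = new LinkedHashSet<>();
        if (current != null && !current.isBlank()) s.addAll(Arrays.asList(current.trim().split("\\s+")));
        s.addAll(Arrays.asList(extra));
        return String.join(" ", s);
    }

    // Fresh 128-bit "state"; it must be saved in the user's session before redirecting.
    static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static String authUrl(String endpoint, String clientId, String redirectUri,
                          String scope, String prompt, String state) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("response_type", "code");
        p.put("client_id", clientId);
        p.put("redirect_uri", redirectUri);
        p.put("scope", scope);
        p.put("prompt", prompt); // "login" asks for re-authentication despite the SSO session
        p.put("state", state);
        StringJoiner q = new StringJoiner("&", endpoint + "?", "");
        p.forEach((k, v) -> q.add(k + "=" + URLEncoder.encode(v, StandardCharsets.UTF_8)));
        return q.toString();
    }

    // Callback side: accept the code only if the returned state equals the saved one.
    static boolean stateMatches(String saved, String returned) {
        return saved != null && returned != null && MessageDigest.isEqual(
            saved.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = newState(); // in a servlet this would go into the HTTP session
        System.out.println(authUrl( // endpoint, client id and redirect URI are constructed
            "https://sso.example.test/auth/realms/demo/protocol/openid-connect/auth",
            "my-app", "https://app.example.test/callback",
            mergeScopes("openid profile email", "phone"), "login", state));
        System.out.println(stateMatches(state, state) + " " + stateMatches(state, newState()));
    }
}
```

After the code exchange the application should still read the scope of the new token rather than assume the extra scope was granted.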
      

            People

              Assignee: Unassigned
              Reporter: Marek Posolda (mposolda@redhat.com)