Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Google login - add prompt=select_account option #16750

Open
EvgeniGordeev opened this issue Jan 31, 2023 · 2 comments
Open

Google login - add prompt=select_account option #16750

EvgeniGordeev opened this issue Jan 31, 2023 · 2 comments
Labels
area/core kind/enhancement Categorizes a PR related to an enhancement status/triage team/core-iam

Comments

@EvgeniGordeev
Copy link

EvgeniGordeev commented Jan 31, 2023
edited

Description

Google configuration page does not let configure prompt param to be passed to google login.

Scenario:

  1. Use Google for login
  2. User chooses google account
  3. User realizes they logged in with the wrong google account and restart the login process.
    Issue: user cannot get to google select account any more and is stuck with the first google account. If multiple google sessions are authenticated for given user then google account picker is displayed.
    Expected: even if there is a single authenticated google session client can request an account picker with query param prompt=select_account. Thus Google configuration page on Identity Providers must support setting prompt param.

Discussion

No response

Motivation

Make google login more user-friendly on single authenticated google session with prompt=select_account.

Details

Workaround:

add CustomGoogleIdentityProviderFactory to META-INF/services/org.keycloak.broker.social.SocialIdentityProviderFactory file

public class CustomGoogleIdentityProviderFactory extends GoogleIdentityProviderFactory {
    @Override
    public GoogleIdentityProvider create(KeycloakSession session, IdentityProviderModel model) {
        return new CustomGoogleIdentityProvider(session, new GoogleIdentityProviderConfig(model));
    }
}

...
public class CustomGoogleIdentityProvider extends GoogleIdentityProvider {
    public CustomGoogleIdentityProvider(KeycloakSession session, GoogleIdentityProviderConfig config) {
        super(session, config);
    }

    @Override
    protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) {
        UriBuilder uriBuilder = super.createAuthorizationUrl(request);
        uriBuilder.queryParam("prompt", "select_account");
        return uriBuilder;
    }
}

Cloned from #14258.
@EvgeniGordeev EvgeniGordeev added kind/enhancement Categorizes a PR related to an enhancement status/triage labels Jan 31, 2023
@jonkoops
Copy link
Contributor

Not entirely sure this is an issue related to the UI of Keycloak, sounds more like a logic issue. @ssilvert WDYT?

@ssilvert
Copy link
Contributor

ssilvert commented Jan 31, 2023
edited

@jonkoops It's not a UI issue. But it sounds like a good enhancement. It's for core or maybe a more specific area. I'm moving this to keycloak/keycloak repo. Not sure which area label is correct, so hoping core team can sort it out.

@ssilvert ssilvert transferred this issue from keycloak/keycloak-ui Jan 31, 2023
@EvgeniGordeev EvgeniGordeev mentioned this issue Apr 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/core kind/enhancement Categorizes a PR related to an enhancement status/triage team/core-iam
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ssilvert @jonkoops @stianst @EvgeniGordeev