With KeyCloak as our OID provider, we'll now need the
ui components and necessary plumbing to complete the
authentication flows. Here's a tentative checklist:
-[ ] Handling sign in/register flows in our own ui.
Note that it is possible to use the html from
keycloak in an iframe. And that's what we'll be
doing to begin with.
-[ ] Setting up a login-sensor, logout button, and
all the boring but necessary ui data providers.
[!] Note that auth won't be shipped before a thorough
audit and code review to make sure:
We do not leak any data. This means, no localstorage
for storing secrets.
As much as possible, let KeyCloak be in charge of
the auth/account flows. KC is trusted and standard
package.
Ensure we ask minimum identification info. Email
should be optional. However a quick guide to clarify
the choices users have needs to be written.
prashnts
commented
4 years ago
With KeyCloak as our OID provider, we'll now need the ui components and necessary plumbing to complete the authentication flows. Here's a tentative checklist:
-[ ] Handling sign in/register flows in our own ui. Note that it is possible to use the html from keycloak in an iframe. And that's what we'll be doing to begin with. -[ ] Setting up a login-sensor, logout button, and all the boring but necessary ui data providers.
[!] Note that auth won't be shipped before a thorough audit and code review to make sure: