With Keycloak as our OID provider, we'll now need the
UI components and necessary plumbing to complete the
authentication flows. Here's a tentative checklist:
- [ ] Handling sign in/register flows in our own UI.
  Note that it is possible to use the HTML from
  Keycloak in an iframe, and that's what we'll be
  doing to begin with.
- [ ] Setting up a login-sensor, logout button, and
  all the boring but necessary UI data providers.
[!] Note that auth won't be shipped before a thorough
audit and code review to make sure:
- We do not leak any data. This means no localStorage
  for storing secrets.
- As much as possible, let Keycloak be in charge of
  the auth/account flows. KC is a trusted and standard
  package.
- Ensure we ask for minimum identification info. Email
  should be optional. However, a quick guide to clarify
  the choices users have needs to be written.
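
One way to automate the "no localStorage for storing secrets" item during the audit, as an added example that is not the project's own code: a Node.js scan that flags localStorage writes in UI source. The key-name heuristic (`SECRET_HINT`), the function name and the sample lines are assumptions constructed for illustration.

```javascript
// Added example: audit helper for the "no localStorage for secrets" check.
// SECRET_HINT and SAMPLE are assumptions, constructed for illustration.
const SECRET_HINT = /token|secret|passw|credential|jwt|session/i;

// Writes with a literal key: setItem("k", v), localStorage["k"] = v, localStorage.k = v
const WRITE_PATTERNS = [
  /\blocalStorage\s*\.\s*setItem\s*\(\s*(['"])(?<key>.*?)\1/,
  /\blocalStorage\s*\[\s*(['"])(?<key>.*?)\1\s*\]\s*=(?!=)/,
  /\blocalStorage\s*\.\s*(?<key>[A-Za-z_$][\w$]*)\s*=(?!=)/,
];
const DYNAMIC_SETITEM = /\blocalStorage\s*\.\s*setItem\s*\(/;

function auditLocalStorage(source, file = "<inline>") {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    if (/^\s*\/\//.test(line)) return; // ignore full-line comments
    const m = WRITE_PATTERNS.map((re) => re.exec(line)).find(Boolean);
    if (!m && !DYNAMIC_SETITEM.test(line)) return; // not a write
    let severity = "review"; // non-literal key: a reviewer has to trace it
    if (m) {
      // Check both the key name and the value expression that follows it.
      const rest = line.slice(m.index + m[0].length);
      severity = SECRET_HINT.test(m.groups.key + " " + rest) ? "high" : "low";
    }
    findings.push({ file, line: i + 1, key: m ? m.groups.key : null, severity });
  });
  return findings;
}

// Constructed sample source, one statement per line.
const SAMPLE = [
  '// localStorage.setItem("old", 1)',
  'localStorage.setItem("theme", "dark");',
  'localStorage.setItem("kc_refresh_token", kc.refreshToken);',
  'localStorage["profile"] = JSON.stringify({ jwt: kc.token });',
  'localStorage.setItem(cacheKey, payload);',
  'const t = localStorage.getItem("theme");',
  'if (localStorage.lang === "en") {}',
  'localStorage.lang = "en";',
].join("\n");

console.table(auditLocalStorage(SAMPLE, "sample.js"));
```

Findings marked `high` or `review` are the ones to resolve before auth ships; `low` entries are writes that carry no secret-like name or value.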