Consent screen enhancement #8495
Replies: 5 comments 2 replies
-
|
I think it would be good to have these attributes manageable as provided in your PRs. We have a theme in use which makes use of client attributes like
So we don't use a logo but a name of the legal entity which is requesting access. Note: I would name it logo, policy and terms of use URLs (not URI), because it is expected that a policy URL is a web address which provides the policy text. |
Beta Was this translation helpful? Give feedback.
-
|
We agree. It is essential the consent screen enhancement. We add Logo URI, Policy URI and Terms of Use URI because these fields are part of OIDC and SAML specification and are widely used. We do not have problem to add in the PRs the legalEntity as an extra field, if you and Keycloak team wants. However, we want extra details. |
Beta Was this translation helpful? Give feedback.
-
|
Legal entity is the name of the company which is responsible for the client application (plain string). In your screen you already have the section "Make sure you trust by ...". It should be possible to mention the legal entity here, e.g. "Make sure you provided by ...". When compared with SAML the Organization.OrganizationName is the thing which I called legal entity. We could also call it organizationName and drop the term legalEntity. OIDC Dynamic Client Registration spec seems to ignore the fact, that a user has to trust the organization which is responsible for the app and not the app itself. Many consent screens in the internet do mention the application name AND the responsible organization in the their text and lawyers will also state that this is required. |
Beta Was this translation helpful? Give feedback.
-
|
@pedroigor @mposolda FIY |
Beta Was this translation helpful? Give feedback.
-
|
@cgeorgilakis IMO, this proposal makes a lot of sense and should help to avoid having to customize templates to just include that quite common set of information. I would recommend you to create a single PR though. I think it makes more sense because they are related. |
Beta Was this translation helpful? Give feedback.
-
|
@pedroigor I follow your suggestion and I create a single PR here. Only an important general problem for here. |
Beta Was this translation helpful? Give feedback.
-
|
@cgeorgilakis Thanks a lot. I have added some comments to the PR. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
However, Logo URI, Policy URI and Terms of Use URI are not shown in the consent screen.
These three parts are described in OIDC and SAML documentation. Moreover, they are widely used in other applications. We believe that Keycloak consent screen must optionally contains Logo URI, Policy URI and Terms of Use URI.
We have already made two PRs in order to add this enhancement. One PR for add required attributes to Client, another PR for consent screen enhancement. We could merge two PRs to one, if you want.
What is your opinion? Could you please review these PRs?
Beta Was this translation helpful? Give feedback.
All reactions