I am able to enable ‘remember me’ so that the user is not logged out when they use username/password form and check the ‘remember me’ box. I believe it sets a REMEMBER_ME cookie in the users browser
However, i am not sure how i can do this for social login (e.g. google/facebook) Is there anyway to add the ‘remember me’ checkbox for social logins, and have it behave the same way as for username/password logins?
If it is not natively supported, what parts of the code should i look at to add this functionality?
This is possible, but it is not natively supported in the Keycloak standard distribution. You would have to build a couple of custom Authenticators to store a cookie with the user’s social IdP, and do an IdP redirect when that cookie is encountered during an authentication flow. Look at these two built-in Authenticators to see how those things work:
The solution provided by @xgp is to remember the IDP used by the user and automatically redirect it and does not address how to implement the REMEMBER_ME functionality for Identity providers. After doing a bit of debugging, my understanding is we need to somehow convert the following session cookies to persistent cookies which are created by AuthenticationManager
KEYCLOAK_IDENTITY_LEGACY
KEYCLOAK_IDENTITY
KEYCLOAK_SESSION_LEGACY
KEYCLOAK_SESSION
I did not find an easy way for overriding the creation of these cookies using custom authenticator, but what worked for me is running custom authenticator as part of Post login flow in the identity provider as done by username and password authenticator. Code reference here
@sirishkumar Could you verify that the KEYCLOAK_IDENTITY and KEYCLOAK_IDENTITY_LEGACY cookie have a set expiration date, rather than a “session” lifetime?
I had a in-depth look through the code you linked and the whole flow.
From what I saw, I think this is the right approach!
What I’m not sure about is what the context.getEvent().detail(Details.REMEMBER_ME, "true"); would do, if added.