@pedroigor commented Oct 20, 2025

Closes #43091

  • Introducing an authentication note to force hiding the username. The AbstractUsernameFormAuthenticator#USERNAME_HIDDEN should be set by authenticators that are executed before the username and password form to make sure their intent is respected when hiding the username field.
  • With this note set in the authentication session, the form will always have LoginFormsProvider.USERNAME_HIDDEN set to true.
  • We can change places where authenticators are manually setting the LoginFormsProvider.USERNAME_HIDDEN to use this new session note. However, it will require changes not strictly related to the original issue. IMO, we should also enforce a behavior different than what we have today, where once a username is provided, we always show the attempted-username field so that users can restart the flow if they want. I think it is a better UX and I can create an issue for it, if you think it makes sense.
  • For now, this note/behavior is very specific to organizations, and when the flow starts with the identity-first login flow.

@ahus1 ahus1 merged commit e4d4570 into keycloak:main Oct 23, 2025
79 checks passed

Successfully merging this pull request may close these issues.

Duplicate Email Fields on Temporarily Locked Out Sign In With Organization Identity-First Login
