2016-05-26 16:09:04 +00:00
=== Client Suggested Identity Provider
2016-06-05 21:22:42 +00:00
Each identity provider has an option `Authenticate By Default`, which allows that Identity provider to be automatically selected during authentication.
The user won't see the {{book.project.name}} login page and will instead be automatically redirected to the default identity provider.
2016-05-26 16:09:04 +00:00
2016-05-27 15:23:34 +00:00
OIDC applications can also bypass the {{book.project.name}} login page by specifying a hint on which
identity provider they want to use.
This is done by appending the `kc_idp_hint` query parameter in the Authorization Code Flow authorization endpoint.
2016-05-26 16:09:04 +00:00
2016-05-27 15:23:34 +00:00
{{book.project.name}} OIDC client adapters also allow you to specify this query parameter when you access a secured resource
at the application.
2016-05-26 16:09:04 +00:00
2016-05-27 15:23:34 +00:00
For example
2016-05-26 16:09:04 +00:00
[source,java]
----
GET /myapplication.com?kc_idp_hint=facebook HTTP/1.1
Host: localhost:8080
----
In this case, is expected that your realm has an identity provider with an alias `facebook`.
If you are using `keycloak.js` adapter, you can also achieve the same behavior:
[source,java]
----
var keycloak = new Keycloak('keycloak.json');
keycloak.createLoginUrl({
idpHint: 'facebook'
});
----