keycloak-ui icon indicating copy to clipboard operation
keycloak-ui copied to clipboard
verified publisher icon keycloak

Usability of `Use discovery endpoint`

Open ssilvert opened this issue 4 years ago • 3 comments

Concerning when you try to add an OpenID Connect provider:

User is presented with a screen that has Discovery endpoint as a required field. But it isn't actually required. This field is only required if Use discovery endpoint is on. If you turn off Use discovery endpoint, the required field goes away and many more fields are revealed.

While use of the discovery endpoint to fill in the extra fields is a great feature, it is unclear to the user that there are actually three ways to fill in the fields that automatic discovery fetches for you. You can fill in the fields one of three ways:

  1. Fetch the values from the discovery endpoint.
  2. Import the values from a file.
  3. Fill in the fields manually.

A fourth way, which would be easier still, would be to choose a realm. This would only work for Keycloak OIDC providers that are available on the same server. So I don't know how common that configuration would be, but it would be really simple for the user to just pick a realm and be done with it.

I believe that the UI needs to be more explicit about the various ways to fill in these fields and the choices that are available. Currently, when the user is first presented with the screen to add an OIDC provider, it appears that option number 1 is the only option available.

ssilvert avatar Sep 29 '21 12:09 ssilvert

@ssilvert As for the Use discovery endpoint toggle, I think the current default value is in the correct direction. In the previous discussion, it is mentioned that we do want to encourage users to use a discovery endpoint instead of filling in all the fields manually. So to set the discovery endpoint as the default method makes more sense to me.

But I agree that it may be invisible that there're two other methods if you turn the toggle off. In user testing, only one user does that, which also supports this viewpoint. I think a better UI is to put these three methods in front of the users directly - we can use radio buttons - but the discovery endpoint is still the default option as we want users to choose that.

A possible looking is like this: Screen Shot 2021-09-29 at 21 16 43

For your second point, there's already an issue to address that. Do you think the solution here line with your idea?

yih-wang avatar Sep 29 '21 13:09 yih-wang

@yih-wang Yes, I like that solution.

ssilvert avatar Sep 29 '21 13:09 ssilvert

But still a Post-1.0 thing. Wouldn't want folks to spend time on redesign right now.

ssilvert avatar Sep 29 '21 13:09 ssilvert