[keycloak-dev] Associate social account with IDM user

Stian Thorgersen stian at redhat.com
Tue Aug 13 07:54:37 EDT 2013


FYI I've added a bunch of issues around social integration to JIRA:

https://issues.jboss.org/issues/?jql=project%20%3D%2012313920%20AND%20labels%20%3D%20social

----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 13 August, 2013 12:43:36 PM
> Subject: Re: [keycloak-dev] Associate social account with IDM user
> 
> Hi,
> 
> Here is Marek Posolda from GateIn/JPP software engineering :-)
> 
> Picketlink IDM is quite flexible and I think that there are more
> possibilities how to map it. What I am thinking about could be:
> 
> 1) Map the attributes related to all social providers directly as part
> of User itself. UserAdapter object (and also user representation in
> Picketlink) has support for dynamic attributes via method
> setAttribute/getAttribute . So it should be possible to use attributes
> with any name and just prefix them for given social network (For
> example: attribute "social.facebook.username" could be used for saving
> of Facebook username, attribute "social.google.username" for saving of
> google username or email)

IMO this is the simplest and best approach. It's how I did it in IdB and worked well there. I can't see any particular drawbacks to this approach.

> 
> 2) Create another Relationship adapter object and store the information
> as relationship between User and Social provider. Picketlink supports
> attributes to be part of any Relationship, so it should be possible to
> achieve this.

Another option I was thinking about is if we could add a custom social credential type.

> 
> Another thing is, how to wire some social provider with existing User
> accounts in UI. Actually the Social links are available just on
> registration page, which is for anonymous user.
> 
> Marek
> 
> On 13.8.2013 12:43, Stian Thorgersen wrote:
> > We need to be able to associate multiple social providers with an IDM user.
> > At the moment this is not based on the username of the account (for
> > example google.23897892sdf). This has two main drawbacks:
> >
> > * Horrible username
> > * Can only associate a single social account with an IDM user
> >
> > What is the best way to store this information? We mainly need to store
> > what social providers a user has linked and the social userid. In the
> > future we may also want to associate access tokens as well. We also need
> > to lookup a user based on the social provider + social userid.
> 
> 
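
Option 1 from the thread (provider-prefixed user attributes) combined with the lookup by social provider + social userid that the original post asks for, as an added example that is not Keycloak or Picketlink code. The User class, the "social.<provider>.userid" attribute name, the reverse index and the rule that one social account maps to at most one local user are assumptions made for illustration.

```java
import java.util.*;

// Added illustration: a minimal in-memory model, not Keycloak or Picketlink code.
public class SocialLinkStore {
    // Hypothetical stand-in for a user object with dynamic attributes.
    static class User {
        final String username;
        private final Map<String, String> attributes = new HashMap<>();
        User(String username) { this.username = username; }
        void setAttribute(String name, String value) { attributes.put(name, value); }
        String getAttribute(String name) { return attributes.get(name); }
    }

    // Reverse index (assumption): "provider:socialUserId" -> local user.
    private final Map<String, User> bySocialId = new HashMap<>();

    static String attr(String provider) { return "social." + provider + ".userid"; }
    static String key(String provider, String socialUserId) { return provider + ":" + socialUserId; }

    void link(User user, String provider, String socialUserId) {
        // Restrict provider names so the attribute name and index key stay unambiguous.
        if (!provider.matches("[a-z0-9]+")) throw new IllegalArgumentException("bad provider name");
        String k = key(provider, socialUserId);
        User owner = bySocialId.get(k);
        // A social identity already bound to someone else must not be re-bound silently.
        if (owner != null && owner != user)
            throw new IllegalStateException(provider + " account already linked to another user");
        // Re-linking the same provider replaces the old id and drops its index entry.
        String previous = user.getAttribute(attr(provider));
        if (previous != null) bySocialId.remove(key(provider, previous));
        user.setAttribute(attr(provider), socialUserId);
        bySocialId.put(k, user);
    }

    Optional<User> findBySocialId(String provider, String socialUserId) {
        return Optional.ofNullable(bySocialId.get(key(provider, socialUserId)));
    }

    public static void main(String[] args) {
        SocialLinkStore store = new SocialLinkStore();
        User alice = new User("alice"), bob = new User("bob"); // constructed users
        store.link(alice, "google", "23897892sdf");  // id borrowed from the thread's example
        store.link(alice, "facebook", "fb-1001");    // constructed id
        System.out.println(store.findBySocialId("google", "23897892sdf")
                .map(u -> u.username).orElse("none"));
        try {
            store.link(bob, "google", "23897892sdf"); // second user claims the same account
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```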

