[keycloak-dev] Associate social account with IDM user

Marek Posolda mposolda at redhat.com
Tue Aug 13 08:35:53 EDT 2013


Yeah, exactly. I saw them. I started looking at Keycloak last week 
and sent a first PR for Facebook integration. Hope to contribute more 
things soon :-)

I am also quite familiar with IDM and the flexible model which it 
provides, so I know that this is possible with it. I think that a 
Relationship adapter is the way to go.

Marek

On 13.8.2013 13:47, Bill Burke wrote:
> If you look at the code you can see I've done these types of strategies
> to get things working.  I have my own custom classes/entities for Realm
> and Application.  Custom relationships for required credentials, etc.
> There are still some bugs in Picketlink, so you can see some of the code
> might do weird things.  I hope these get fixed later on.
>
> On 8/13/2013 7:43 AM, Marek Posolda wrote:
>> Hi,
>>
>> This is Marek Posolda from GateIn/JPP software engineering :-)
>>
>> Picketlink IDM is quite flexible and I think that there are more
>> possibilities for how to map it. What I am thinking about could be:
>>
>> 1) Map the attributes related to all social providers directly as part
>> of the User itself. The UserAdapter object (and also the user representation
>> in Picketlink) has support for dynamic attributes via the methods
>> setAttribute/getAttribute. So it should be possible to use attributes
>> with any name and just prefix them for the given social network (for
>> example: attribute "social.facebook.username" could be used for saving
>> the Facebook username, attribute "social.google.username" for saving the
>> Google username or email).
>>
>> 2) Create another Relationship adapter object and store the information
>> as a relationship between User and Social provider. Picketlink supports
>> attributes as part of any Relationship, so it should be possible to
>> achieve this.
>>
>> Another thing is how to wire a social provider with existing User
>> accounts in the UI. Actually the Social links are available just on the
>> registration page, which is for anonymous users.
>>
>> Marek
>>
>> On 13.8.2013 12:43, Stian Thorgersen wrote:
>>> We need to be able to associate multiple social providers with an IDM user. At the moment this is not based on the username of the account (for example google.23897892sdf). This has two main drawbacks:
>>>
>>> * Horrible username
>>> * Can only associate a single social account with an IDM user
>>>
>>> What is the best way to store this information? We mainly need to store which social providers a user has linked and the social userid. In the future we may also want to associate access tokens as well. We also need to look up a user based on the social provider + social userid.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
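
An added illustration (not from the thread, and not Keycloak or Picketlink code) of the two requirements in Stian's message: several social providers per IDM user, and lookup of a user by social provider + social userid. The class and method names are hypothetical, the store is a plain in-memory map, and it assumes at most one identity per provider per user.

```java
import java.util.*;

// Added illustration: plain in-memory model, not Keycloak or Picketlink code.
// All class and method names here are hypothetical.
public class SocialLinkStore {
    // Composite key: a social user id is only unique within its provider.
    record SocialKey(String provider, String socialUserId) {}

    private final Map<SocialKey, String> userByIdentity = new HashMap<>();
    private final Map<String, Map<String, String>> linksByUser = new HashMap<>();

    /** Links a social identity to a local user; one identity maps to at most one user. */
    public void link(String userId, String provider, String socialUserId) {
        SocialKey key = new SocialKey(provider, socialUserId);
        String owner = userByIdentity.get(key);
        if (owner != null && !owner.equals(userId)) {
            throw new IllegalStateException("social identity already linked to another user");
        }
        // Assumption: one identity per provider per user, so a new link replaces the old one.
        Map<String, String> links = linksByUser.computeIfAbsent(userId, u -> new HashMap<>());
        String previous = links.put(provider, socialUserId);
        if (previous != null && !previous.equals(socialUserId)) {
            userByIdentity.remove(new SocialKey(provider, previous)); // drop stale reverse entry
        }
        userByIdentity.put(key, userId);
    }

    /** Login-time lookup by social provider + social userid. */
    public Optional<String> findUser(String provider, String socialUserId) {
        return Optional.ofNullable(userByIdentity.get(new SocialKey(provider, socialUserId)));
    }

    /** Providers the given user has linked. */
    public Set<String> providersOf(String userId) {
        return linksByUser.getOrDefault(userId, Map.of()).keySet();
    }

    public static void main(String[] args) {
        SocialLinkStore store = new SocialLinkStore();
        // Constructed sample data.
        store.link("alice", "facebook", "1001");
        store.link("alice", "google", "1001"); // same id, other provider: a distinct identity
        store.link("bob", "google", "2002");
        System.out.println(store.findUser("google", "1001"));
        System.out.println(store.providersOf("alice"));
        try {
            store.link("bob", "facebook", "1001"); // already linked to alice
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Keying the reverse index on provider and social userid together keeps identical ids from different providers apart, and refusing a second owner for the same key keeps one social identity from resolving to two local accounts.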


