[keycloak-dev] Create Principal instance with username instead?

Bill Burke bburke at redhat.com
Fri Oct 31 11:42:24 EDT 2014


For the principal name right?  Yeah, I can make it configurable.

On 10/31/2014 9:24 AM, Red Samh wrote:
>
> I was going to email regarding this.
>
> Thanks for bringing this up.  We see the guid or something where it
> should be the username. Can this be configurable to use the email address?
>
> Thanks
> Sam
>
> On Oct 31, 2014 8:29 AM, "Bill Burke" <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>     I'll add a flag to the adapter then.  The reason is, again, pure servlet
>     apps, like BRMS that display the principal name in their UI.
>
>     On 10/31/2014 3:11 AM, Stian Thorgersen wrote:
>      > -1
>      >
>      > We should stick with ID as we can guarantee that it's unique (in
>     the future).
>      >
>      > If app starts using the username in their dbs you can end up with
>     situations where the wrong user gets access to things he shouldn't.
>     For example:
>      >
>      > * If user with username userA is removed from Keycloak, then
>     later a new user is registered as userA
>      > * If we support changing username in the future (this is on the
>     road-map, and IMO it makes sense to add this with a toggle in the
>     realm to enable/disable)
>      >
>      > What difference does it make if it's ugly? If apps want to
>     display details about the user they should get the profile. Sadly
>     there's no direct support for this in Principal.
>      >
>      > ----- Original Message -----
>      >> From: "Bill Burke" <bburke at redhat.com <mailto:bburke at redhat.com>>
>      >> To: keycloak-dev at lists.jboss.org
>     <mailto:keycloak-dev at lists.jboss.org>
>      >> Sent: Thursday, 30 October, 2014 11:29:59 PM
>      >> Subject: [keycloak-dev] Create Principal instance with username
>     instead?
>      >>
>      >> Right now UserPrincipal is created in the adapters using the user id.
>      >> For strictly pure Servlet apps, an ID is pretty ugly.  I don't
>     want to
>      >> force them to use keycloak code.
>      >>
>      >> So...is it ok to populate the principal name with
>      >> accessToken.getPreferredUsername()?
>      >>
>      >> --
>      >> Bill Burke
>      >> JBoss, a division of Red Hat
>      >> http://bill.burkecentral.com
>      >> _______________________________________________
>      >> keycloak-dev mailing list
>      >> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>      >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>      >>
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
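
The username-reuse case raised earlier in the thread, as an added Java example (not code from the thread or from Keycloak). Token, the ids and the document store are constructed stand-ins; only the choice between the user id and the preferred username mirrors the adapter flag being discussed.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

// Added illustration: Token and the document store are hypothetical,
// they are not Keycloak classes.
public class PrincipalNameDemo {
    // Constructed stand-in for the two token fields discussed in the thread.
    record Token(String id, String preferredUsername) {}

    // The application's own table: document -> owner key, taken from Principal.getName().
    static final Map<String, String> ownerOf = new HashMap<>();

    // Builds the Principal the way the proposed flag would: name is username or id.
    static Principal principal(Token t, boolean useUsername) {
        String name = useUsername ? t.preferredUsername() : t.id();
        return () -> name; // getName() is Principal's only abstract method
    }

    // Typical servlet-app check: compare the stored key with the caller's principal name.
    static boolean canRead(Principal p, String doc) {
        return p.getName().equals(ownerOf.get(doc));
    }

    public static void main(String[] args) {
        // Constructed users: the first userA is removed, then the name is registered again.
        Token original = new Token("id-0001", "userA");
        Token recycled = new Token("id-0002", "userA");

        for (boolean useUsername : new boolean[] {true, false}) {
            ownerOf.clear();
            // The app stored ownership while the original account existed.
            ownerOf.put("payroll.pdf", principal(original, useUsername).getName());
            // Later the new account with the same username logs in.
            boolean leak = canRead(principal(recycled, useUsername), "payroll.pdf");
            System.out.printf("principal=%s -> new userA reads old userA's file: %b%n",
                    useUsername ? "username" : "id", leak);
        }
    }
}
```

An application that enables a username principal can still avoid the collision by keying its own records on the user id and using the username for display only.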

