[keycloak-dev] client templates and default mappers
Stian Thorgersen
sthorger at redhat.com
Thu Dec 17 03:54:55 EST 2015
On 16 December 2015 at 14:19, Marek Posolda <mposolda at redhat.com> wrote:
> On 15/12/15 18:26, Bill Burke wrote:
> > What to do with default mappers and clients and client templates?
> >
> > When you create a client, it automatically adds default mappers for each
> > protocol. Now with client teampltes, if you create a client and specify
> > a client template when you create it, it will not add default mappers to
> > the client. Sound like right behavior?
> IMO yes. This also adds possibility that your client will be created
> with some builtin mappers removed by default.
> >
> > When creating a client template, should efault mappers be added to the
> > temaplte automatically? Or should the user have to manually add them?
> IMO it's better if he needs to manually add them. He can already add
> builtin mappers very easily if he wants to, so doesn't sound like
> usability issue that default mappers are not there.
> >
> > The mappers tab of a client will have a link "view template mappers"
> > which will bring you to the template's mapper page. You will be able to
> > add additional mappers to your client, but you will not be able to
> > override a template's mappers.
> >
> > Sound cool enough?
> >
> I think yes.
>
> Another possibility is that on client setup, there will be list of
> checkboxes with mappers inherited from the parent. And all the
> checkboxes (mappers) will be checked by default. Admin has possibility
> to uncheck some inherited mappers. That adds possibility for admin to
> remove some inherited mappers.
>
> Is it sufficient to support just one client template for client? I guess
> yes, but not sure...
>
Client templates would be useful when there's a set of standard claims that
a group of clients expects in a token. Allowing individual clients to
add/remove/override those standard claims makes little sense. I also don't
think there's a need for a client to be able to inherit from multiple
templates.
>
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151217/e69c5530/attachment.html
More information about the keycloak-dev
mailing list