[keycloak-dev] immutable ClaimType name?
Marek Posolda
mposolda at redhat.com
Mon Feb 16 02:25:04 EST 2015
+1, I am not seeing any issues with having claim type name unique per
realm and reference claim types by name.
Marek
On 13.2.2015 16:39, Bill Burke wrote:
> Actually I'll take some of that back... @Id won't be a name. I'll
> generate an ID so that different realms can have different claim types
> of the same name but different characteristics. Protocol claim mappings
> and user claim value storage will still reference the claim type by name
> and the claim type name will be immutable.
>
> On 2/13/2015 10:37 AM, Bill Burke wrote:
>> I need some advice here. I'm trying to figure out how to model a
>> ClaimType for our persistent store. I'm thinking that the @Id of the
>> ClaimType will be the name of the claim itself (phone, street, etc.).
>> The name will be immutable once created.
>>
>> Why do it this way?
>>
>> * Simpler to store. UserModel can just have a Map<String, String> of
>> claim values
>> * More importantly, human readable files (json imports, and our
>> FileBased store) will be able to reference the claim type by name rather
>> than id. Users crafting an import file will not have to specify an ID
>> anywhere or generate one. This claim type is going to be referenced in
>> a few places:
>> - protocol claim mapping
>> - user claim value store
>>
>> That sound ok?
>>