[keycloak-dev] Shortening URLs
Stian Thorgersen
stian at redhat.com
Fri Jan 23 08:20:11 EST 2015
----- Original Message -----
> From: "Stan Silvert" <ssilvert at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, January 23, 2015 2:10:00 PM
> Subject: Re: [keycloak-dev] Shortening URLs
>
> On 1/23/2015 8:06 AM, Stian Thorgersen wrote:
> >
> > ----- Original Message -----
> >> From: "Stan Silvert" <ssilvert at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Friday, January 23, 2015 2:01:23 PM
> >> Subject: Re: [keycloak-dev] Shortening URLs
> >>
> >> I like the idea of an option to bind the auth server to the root
> >> context. I think that would be especially good for the appliance dist.
> >>
> >> But I'm not sure about the rest. What is the problem we are solving?
> > Shorter and easier to remember URLs ;)
> >
> > At least one the account will be something that users access directly.
> Which one is the URL that they will need to remember? Maybe we could
> make an alias.
Account is accessible by users directly:
- http://localhost:8080/auth/realms/master/account
BTW why not change it? If it can make things simpler for users. Devs that don't use our adapters, but use standard openid connect libs for example, will need to figure out all urls and configure them in the lib their using.
> >
> >> On 1/23/2015 6:23 AM, Stian Thorgersen wrote:
> >>> Our URLs are quite long, examples:
> >>>
> >>> * http://localhost:8080/auth/realms/master/protocols/openid-connect/login
> >>> * http://localhost:8080/auth/realms/master/account
> >>>
> >>> We could remove the 'realms' part and 'protocols' parts couldn't we?
> >>>
> >>> * http://localhost:8080/auth/master/oidc/login
> >>> * http://localhost:8080/auth/master/account
> >>>
> >>> That would require moving everything under a realm and I guess we'd need
> >>> to
> >>> hard-wire the protocols, but I think that should be fine.
> >>>
> >>> We also need to make sure we can just the root context:
> >>>
> >>> * http://localhost:8080/master/oidc/login
> >>> * http://localhost:8080/master/account
> >>>
> >>> We can also introduce other mechanisms to select the realm. For example a
> >>> server with single realm can just omit it altogether:
> >>>
> >>> * http://localhost:8080/oidc/login
> >>> * http://localhost:8080/account
> >>>
> >>> And we could allow setting what domains uses what realms:
> >>>
> >>> * http://keycloak-master/oidc/login
> >>> * http://keycloak-other/oidc/login
> >>>
> >>>
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
>
>
More information about the keycloak-dev
mailing list