[keycloak-dev] Shortening URLs

Stan Silvert ssilvert at redhat.com
Fri Jan 23 08:45:20 EST 2015


I'm just thinking that we need to be careful about future name 
collisions.  For instance, if we need a URL that applies to the entire 
auth server and we name it "foo" you would get a URL like this:
http://localhost:8080/auth/foo/

Then without the "realms" part of the URL someone could name their realm 
foo and you would get a collision.

So if it's something the user needs to remember, let's make it super easy:

http://foo.com/stan

Of course then we would need to either enforce that they only create one 
realm. So for multiple realms we could make it:

http://realm.foo.com/stan

On 1/23/2015 8:20 AM, Stian Thorgersen wrote:
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Friday, January 23, 2015 2:10:00 PM
>> Subject: Re: [keycloak-dev] Shortening URLs
>>
>> On 1/23/2015 8:06 AM, Stian Thorgersen wrote:
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>>> To: keycloak-dev at lists.jboss.org
>>>> Sent: Friday, January 23, 2015 2:01:23 PM
>>>> Subject: Re: [keycloak-dev] Shortening URLs
>>>>
>>>> I like the idea of an option to bind the auth server to the root
>>>> context.   I think that would be especially good for the appliance dist.
>>>>
>>>> But I'm not sure about the rest.  What is the problem we are solving?
>>> Shorter and easier to remember URLs ;)
>>>
>>> At least one the account will be something that users access directly.
>> Which one is the URL that they will need to remember?  Maybe we could
>> make an alias.
> Account is accessible by users directly:
> - http://localhost:8080/auth/realms/master/account
>
> BTW why not change it? If it can make things simpler for users. Devs that don't use our adapters, but use standard openid connect libs for example, will need to figure out all urls and configure them in the lib they're using.
>
>>>> On 1/23/2015 6:23 AM, Stian Thorgersen wrote:
>>>>> Our URLs are quite long, examples:
>>>>>
>>>>> * http://localhost:8080/auth/realms/master/protocols/openid-connect/login
>>>>> * http://localhost:8080/auth/realms/master/account
>>>>>
>>>>> We could remove the 'realms' part and 'protocols' parts couldn't we?
>>>>>
>>>>> * http://localhost:8080/auth/master/oidc/login
>>>>> * http://localhost:8080/auth/master/account
>>>>>
>>>>> That would require moving everything under a realm and I guess we'd need
>>>>> to
>>>>> hard-wire the protocols, but I think that should be fine.
>>>>>
>>>>> We also need to make sure we can just the root context:
>>>>>
>>>>> * http://localhost:8080/master/oidc/login
>>>>> * http://localhost:8080/master/account
>>>>>
>>>>> We can also introduce other mechanisms to select the realm. For example a
>>>>> server with single realm can just omit it altogether:
>>>>>
>>>>> * http://localhost:8080/oidc/login
>>>>> * http://localhost:8080/account
>>>>>
>>>>> And we could allow setting what domains use what realms:
>>>>>
>>>>> * http://keycloak-master/oidc/login
>>>>> * http://keycloak-other/oidc/login
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-dev mailing list
>>>>> keycloak-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>
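
The collision raised in this message, as an added example that is not part of the original thread and is not Keycloak code: it resolves the same path under the current "realms"-prefixed scheme and under the proposed shortened scheme, then shows a realm-creation guard that refuses names which would shadow a routed segment. The function names and the reserved set are assumptions made for illustration; "foo", "oidc" and "account" are the segments used in the thread.

```python
# Added example: all names here are hypothetical, not taken from Keycloak.
SERVER_ENDPOINTS = {"foo"}             # server-wide segment from the message above
REALM_ENDPOINTS = {"oidc", "account"}  # per-realm segments from the proposed URLs
RESERVED = SERVER_ENDPOINTS | REALM_ENDPOINTS


def segments(path):
    """Split a URL path into its non-empty segments."""
    return [s for s in path.split("/") if s]


def resolve_prefixed(path, realms):
    """Current scheme: /auth/realms/<realm>/... and /auth/<server-endpoint>/..."""
    parts = segments(path)
    if len(parts) >= 3 and parts[:2] == ["auth", "realms"] and parts[2] in realms:
        return [("realm", parts[2])]
    if len(parts) >= 2 and parts[0] == "auth" and parts[1] in SERVER_ENDPOINTS:
        return [("server", parts[1])]
    return []


def resolve_short(path, realms):
    """Shortened scheme: /auth/<x>/..., where <x> is a realm or a server endpoint.

    Returns every interpretation that matches; more than one is a collision.
    """
    parts = segments(path)
    if len(parts) < 2 or parts[0] != "auth":
        return []
    matches = []
    if parts[1] in SERVER_ENDPOINTS:
        matches.append(("server", parts[1]))
    if parts[1] in realms:
        matches.append(("realm", parts[1]))
    return matches


def validate_realm_name(name):
    """Guard at realm creation: refuse names that would shadow a routed segment."""
    if name.lower() in RESERVED:
        raise ValueError(f"realm name {name!r} collides with a reserved URL segment")
    return name
```

In the single-realm variant proposed in the thread (/oidc/login, /account), the per-realm segments become top-level as well, which is why they are included in the reserved set.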


