[keycloak-dev] Shortening URLs
Stian Thorgersen
stian at redhat.com
Fri Jan 23 09:13:02 EST 2015
----- Original Message -----
> From: "Stan Silvert" <ssilvert at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, January 23, 2015 3:06:44 PM
> Subject: Re: [keycloak-dev] Shortening URLs
>
> On 1/23/2015 8:52 AM, Stian Thorgersen wrote:
> >
> > ----- Original Message -----
> >> From: "Stan Silvert" <ssilvert at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Friday, January 23, 2015 2:47:20 PM
> >> Subject: Re: [keycloak-dev] Shortening URLs
> >>
> >> On 1/23/2015 8:45 AM, Stan Silvert wrote:
> >>> So if it's something the user needs to remember, let's make it super
> >>> easy:
> >>>
> >>> http://foo.com/stan
> >>>
> >>> Of course then we would need to either enforce that they only create one
> >>> realm So for multiple realms we could make it:
> >>>
> >>> http://realm.foo.com/stan
> >> I mean http://realmname.foo.com
> > I don't think that'll work - if we drop '/realms/' part we would have to
> > move everything under a realm
> The simplified URL would only be for that one use case we need to
> solve. Everything else would work the old way.
>
> I'm just thinking that if there is something the user needs to memorize
> then we should make it really, really easy to memorize.
What I suggested in the first place makes everything much easier.
> >
> >>> On 1/23/2015 8:20 AM, Stian Thorgersen wrote:
> >>>> ----- Original Message -----
> >>>>> From: "Stan Silvert" <ssilvert at redhat.com>
> >>>>> To: "Stian Thorgersen" <stian at redhat.com>
> >>>>> Cc: keycloak-dev at lists.jboss.org
> >>>>> Sent: Friday, January 23, 2015 2:10:00 PM
> >>>>> Subject: Re: [keycloak-dev] Shortening URLs
> >>>>>
> >>>>> On 1/23/2015 8:06 AM, Stian Thorgersen wrote:
> >>>>>> ----- Original Message -----
> >>>>>>> From: "Stan Silvert" <ssilvert at redhat.com>
> >>>>>>> To: keycloak-dev at lists.jboss.org
> >>>>>>> Sent: Friday, January 23, 2015 2:01:23 PM
> >>>>>>> Subject: Re: [keycloak-dev] Shortening URLs
> >>>>>>>
> >>>>>>> I like the idea of an option to bind the auth server to the root
> >>>>>>> context. I think that would be especially good for the appliance
> >>>>>>> dist.
> >>>>>>>
> >>>>>>> But I'm not sure about the rest. What is the problem we are solving?
> >>>>>> Shorter and easier to remember URLs ;)
> >>>>>>
> >>>>>> At least one the account will be something that users access directly.
> >>>>> Which one is the URL that they will need to remember? Maybe we could
> >>>>> make an alias.
> >>>> Account is accessible by users directly:
> >>>> - http://localhost:8080/auth/realms/master/account
> >>>>
> >>>> BTW why not change it? If it can make things simpler for users. Devs
> >>>> that
> >>>> don't use our adapters, but use standard openid connect libs for
> >>>> example,
> >>>> will need to figure out all urls and configure them in the lib their
> >>>> using.
> >>>>
> >>>>>>> On 1/23/2015 6:23 AM, Stian Thorgersen wrote:
> >>>>>>>> Our URLs are quite long, examples:
> >>>>>>>>
> >>>>>>>> *
> >>>>>>>> http://localhost:8080/auth/realms/master/protocols/openid-connect/login
> >>>>>>>> * http://localhost:8080/auth/realms/master/account
> >>>>>>>>
> >>>>>>>> We could remove the 'realms' part and 'protocols' parts couldn't we?
> >>>>>>>>
> >>>>>>>> * http://localhost:8080/auth/master/oidc/login
> >>>>>>>> * http://localhost:8080/auth/master/account
> >>>>>>>>
> >>>>>>>> That would require moving everything under a realm and I guess we'd
> >>>>>>>> need
> >>>>>>>> to
> >>>>>>>> hard-wire the protocols, but I think that should be fine.
> >>>>>>>>
> >>>>>>>> We also need to make sure we can just the root context:
> >>>>>>>>
> >>>>>>>> * http://localhost:8080/master/oidc/login
> >>>>>>>> * http://localhost:8080/master/account
> >>>>>>>>
> >>>>>>>> We can also introduce other mechanisms to select the realm. For
> >>>>>>>> example a
> >>>>>>>> server with single realm can just omit it altogether:
> >>>>>>>>
> >>>>>>>> * http://localhost:8080/oidc/login
> >>>>>>>> * http://localhost:8080/account
> >>>>>>>>
> >>>>>>>> And we could allow setting what domains uses what realms:
> >>>>>>>>
> >>>>>>>> * http://keycloak-master/oidc/login
> >>>>>>>> * http://keycloak-other/oidc/login
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> keycloak-dev mailing list
> >>>>>>>> keycloak-dev at lists.jboss.org
> >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>>> _______________________________________________
> >>>>>>> keycloak-dev mailing list
> >>>>>>> keycloak-dev at lists.jboss.org
> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>>>
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
>
>
More information about the keycloak-dev
mailing list