[keycloak-dev] Client ID and Client ClientID - I propose we remove one

Stian Thorgersen sthorger at redhat.com
Mon Nov 16 08:54:58 EST 2015


We have both "id" and "client-id" for clients in Keycloak at the moment.
This seems unnecessary and complex.

The model can retrieve clients on either value. In token endpoints the
"client-id" is used. In admin endpoints the "id" is used.

Also, in most cases it would be simpler for users to just have a generated
id than having to come up with one themselves. The id doesn't have to be
human readable either as we have name for that.

OpenID Connect expects "client-id" to be generated by the IdP and can't be
changed once created.

I propose we remove "client-id" and only keep id.

For migration of existing clients we would set the "id" value to the
current value of "client-id". This would require no changes to adapter
configs. When creating new clients from the admin console we would not
allow setting the "client-id", instead just display it after the client was
created. When importing clients it would be possible to set the id (and for
backwards compatibility we would set "id" equal to the "client-id" field).