[keycloak-dev] User SPI cache policies
Bill Burke
bburke at redhat.com
Mon Oct 31 09:08:19 EDT 2016
On 10/31/16 8:51 AM, Stian Thorgersen wrote:
>
>
> On 31 October 2016 at 13:49, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>
>
> On 10/31/16 1:48 AM, Stian Thorgersen wrote:
>
> What about evict on authenticate (load from store when user
> authenticates)? I think that would be the most useful policy.
>
> That would need to be implemented at the authenticator level.
>
>
> Implementation details aside, should we not have it? It seems like the
> most likely time you want to fetch the user and especially credentials.
Yeah, its a great idea. Implementation details matter though as I'm not
sure this can be reliably done without coding this in each top-level
authenticator and requiring an authenticator provider developer to be
aware of this policy.
Bill
More information about the keycloak-dev
mailing list