<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 23 November 2015 at 15:06, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class=""><br>
<br>
On 11/23/2015 3:19 AM, Stian Thorgersen wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Removing clientID doesn't work for built-in clients like account,<br>
broker, admin-console, etc. These all need to be located using a<br>
predetermined name. You'd have to figure out an additional<br>
alternative to refactor that.<br>
<br>
<br>
Is it not actually bad that they are located using predetermined names?<br>
If lookup is on id, you know for a fact that it's the correct client and<br>
not just something with the same name.<br>
<br>
</blockquote>
<br></span>
Remember, the predetermined names are "account", "broker" etc. These are non-unique names. They have to be predetermined or at least indexed in a realm attribute by a predetermined name.</blockquote><div><br></div><div>My thinking was we'd add realm attributes</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
I never liked it when we had multiple entry points to the same resource.<br>
What about using something like:<br>
<br>
GET ../users?username=<myusername>&single=true<br>
GET ../users?email=<myemail>&single=true<br>
<br>
That returns a single UserRepresentation including 'self'<br>
(../users/<user-id>).<br>
<br>
Same for groups:<br>
<br>
GET ../groups?path=<url encoded path>&single=true<br>
<br>
</blockquote>
<br></span>
That works too.</blockquote><div><br></div><div>It's slightly more elegant isn't it? As everything has 1 place in the endpoints, rather than multiple. With a 'search' option under 'users' we'd only have:</div><div><br></div><div>/users</div><div><br></div><div>But, with the alternative approach (users-by-username, group-by-path, etc) we end up with multiple locations:</div><div><br></div><div>/users<br></div><div>/users-by-email</div><div><div>/users-by-username</div></div><div><br></div><div>Which I think is harder to use + not as nice for audit/logging</div><div><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5"><br>
<br>
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
</div></div></blockquote></div><br></div></div>