<div dir="ltr">Hi Stian,<div><br></div><div>First off: I didn't know that Keycloak existed three weeks ago. Much of what I write might be a result of me being unfamiliar with earlier design choices. That being said:</div><div><br></div><div>Based on the snippet that you provided I'd argue that it is the service, rather than the admin client, that could/should be improved. When implementing a (REST) service, it is common to provide a representation as part of the response to a create (POST) request: the service response should include the most up-to-date representation of the resource, which prevents the client from having to reconstruct it (exactly what you're doing in that snippet), which is tedious, error-prone and lacking the inclusion of server-generated values. On top of that, if a client needs multiple requests to recreate a representation, concurrency issues come in to play. Who's to say that all responses reflect the exact same state, server sided?<br></div><div><br></div><div>Restructuring the web services could lead to a large change (although inclusion of representation in responses might be backwards compatible, as the random sample of services that I checked appear to currently have empty responses - perhaps the representation could simply 'fit in'). In any case, timing-wise, such an effort would coincide with the upcoming 2.0 development.</div><div><br></div><div>Based on the above, my suggestion would be:</div><div>1) Apart from the changes above, there might not be a need to rewrite the admin client. From my basic use over the last two weeks, I like it's simplicity. It provides a low-level entry point for people that start with Keycloak, which is good.</div><div>2) I can't say - simply don't have enough experience in this fields. Then again, in Java, when one says "in theory, it's compatible" it typically isn't.<br></div><div>3) Apply the changes for the as-is client to 1.9.x, and improve services (and as a result, the client) in 2.x</div><div><br></div><div>Kind regards,</div><div><br></div><div> Guus</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 5 April 2016 at 10:19, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">At least personally I think the admin client needs some TLC. For example creating a user requires:<div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace"> UserRepresentation user = new UserRepresentation();</font></div><div><font face="monospace, monospace"> user.setUsername("user");</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace"> Response response = keycloak.realm("realm").users().create(user);</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace"> // Retrieve created user id</font></div><div><font face="monospace, monospace"> String path = response.getLocation().getPath();</font></div><div><font face="monospace, monospace"> String id = path.substring(path.lastIndexOf('/') + 1);</font></div><div><font face="monospace, monospace"> </font></div><div><font face="monospace, monospace"> // Remember to close the response</font></div><div><font face="monospace, monospace"> response.close();</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace"> // Set password</font></div><div><font face="monospace, monospace"> CredentialRepresentation credentials = new CredentialRepresentation();</font></div><div><font face="monospace, monospace"> credentials.setType(CredentialRepresentation.PASSWORD);</font></div><div><font face="monospace, monospace"> credentials.setValue("password");</font></div><div><font face="monospace, monospace"> </font></div><div><font face="monospace, monospace"> keycloak.realm("realm").users().get(id).resetPassword(credentials);</font></div><div><font face="monospace, monospace"> </font></div><div><font face="monospace, monospace"> // Add role</font></div><div><font face="monospace, monospace"> RoleRepresentation role = keycloak.realm("realm").roles().get("role").toRepresentation();</font></div><div><font face="monospace, monospace"> keycloak.realm("realm").users().get(id).roles().realmLevel().add(Collections.singletonList(role));</font></div><div><font face="monospace, monospace"> </font></div><div><font face="arial, helvetica, sans-serif">That's pretty rubbish right?</font></div></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">In my opinion a lot of the usability issues is caused by directly exposing interfaces/proxies from RestEasy Client and it would be much better if we introduced a wrapper around it.</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">So my questions are:</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">1) What do we do with regards to admin client? Do we just wrap what we have, keep it or create a brand new one from scratch?</font></div><div><font face="arial, helvetica, sans-serif">2) Is it an issue that we require a specific RestEasy version to use the admin client? This seems a heavy dependency to me, which could conflict with other JAX-RS libraries. Using JAX-RS 2 Client would be an improvement as it should in theory work with any JAX-RS 2 provider.</font></div><div><font face="arial, helvetica, sans-serif">3) What do we do with current fixes for admin client? Do we merge to master and 1.9.x or just merge to master?</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">At least from my POV the answers are:</font></div><div><font face="arial, helvetica, sans-serif">1) Create wrappers around interfaces/proxies from RestEasy client and not expose JAX-RS directly through the API as that should be an implementation detail</font></div><div><font face="arial, helvetica, sans-serif">2) Use JAX-RS 2 client</font></div><div><font face="arial, helvetica, sans-serif">3) Merge fixes to both master and 1.9.x (admin client is not supported in product for now, so it's less risky)</font></div></div>
<br>_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br></blockquote></div><br></div>