<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 22, 2016 at 9:33 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">A few questions from me:<div><br></div><div>* Is it possible to view the returned JSON when creating and updating a client? This contains values filled in by the server, including the registration access token.</div></div></blockquote><div>Not ATM. I can add an option e.g. -o, --output Display the new state of client configuration.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>* Should we not enable pretty print by default?</div></div></blockquote><div>I suppose that would be more user friendly. Just don't know how to name the switch -p, --pretty is so obvious ...</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>* --cache isn't the most intuitive name, I don't have a better suggestion though</div></div></blockquote><div>OpenShift client uses the term configuration rather than cache, and uses --config accordingly. We could do the same, and even add 'kcreg config' command to inspect and edit the config file if we deem that necessary.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>* Docs should be moved to Gitbook "Securing Clients and Applications guide"</div></div></blockquote><div>The only doc currently is the README file, so I guess that's the one you mean. I'd wait a bit with adding it to docbook. The later I make a copy in Gitbook the less double work will there be editing the changes.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>* When creating clients and later updating them I assume it uses the registration access token from the cache?</div></div></blockquote><div>Yes. If it can't find one it uses bearer token from login.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>* A nice addition would be the ability to list attributes from ClientRepresentation so it's easy to discover what attributes can be set</div></div></blockquote><div>That's trivial to add using reflection. But how would the UI look? Ideally we'd have tab completion for this at some point.</div><div><br></div><div>Something like this?</div><div><br></div><div>$ kcreg list-attrs</div><div>clientId String</div><div>redirectUris List<String></div><div>baseUrl String</div><div>enabled Boolean</div><div>...</div><div><br></div><div>$ kcreg list-attrs -e oidc</div><div>redirect_uris List<String></div><div>grant_types List<String></div><div><br></div><div><br></div><div>However if we want to be more specific, with some additional help on the meaning, and possible values, then we would need to annotate Representation classes with the necessary info, or simply have a help-style static text.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>* What about setting/changing complex attributes, how does that look like? Can we add/remove to an array? Add/remove elements to a complex object? Something like JSON patch could be nice <a href="https://tools.ietf.org/html/rfc6902" target="_blank">https://tools.ietf.org/html/rfc6902</a></div></div></blockquote><div>I haven't gone so far with this iteration. That's a TODO.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div class=""><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 22 July 2016 at 09:26, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">It should be fairly easy to add support for OTP as well as the direct grant supports that. The user would have to specify to use OTP though.</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 21 July 2016 at 19:15, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Nice work Marko! I had two (not big deal) questions. First, when you<br>
specify the --cache parameters as you did for SAML, could the cache file be omitted?<br>
<br>
For example: kcreg --cache -r saml-realm ...<br>
<br>
I was thinking that once you specified the realm name, the API will just<br>
look for ~/.keycloak/saml-realm.cache. It's just an idea.<br>
<br>
Second question, is more like something to think if worth to take<br>
into consideration. Most of the examples that I saw, make use of<br>
username/password. But if the admin enables two factor authentication,<br>
she might be unable to use our client-reg CLI, or enforce weaken security only<br>
to make use of the CLI.<br>
<br>
Is OTP support planned for further iterations?<br>
<div><div><br>
<br>
On 2016-07-21, Marko Strukelj wrote:<br>
> And if anyone wants to get their feet wet already:<br>
><br>
> <a href="https://github.com/mstruk/keycloak/tree/cli-reg/integration/client-registration-cli-tool" rel="noreferrer" target="_blank">https://github.com/mstruk/keycloak/tree/cli-reg/integration/client-registration-cli-tool</a><br>
><br>
><br>
> On Thu, Jul 21, 2016 at 4:06 PM, Stian Thorgersen <<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>><br>
> wrote:<br>
><br>
> > Great work Marko!<br>
> ><br>
> > As we didn't have time to go through feedback let's use this thread for<br>
> > it. Add your questions and comments here please.<br>
> ><br>
> > _______________________________________________<br>
> > keycloak-dev mailing list<br>
> > <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
> ><br>
<br>
> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
<br>
<br>
</div></div>--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>