<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>You want to be able to store account links within a different
      datastore.<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 8/4/16 9:59 AM, Josh Cain wrote:<br>
    </div>
    <blockquote
cite="mid:CA+z0A8CZdt+PjOAw53DX5mvm_DC3GjsTd9-EgP49AUiW4zRjEw@mail.gmail.com"
      type="cite">
      <div dir="ltr">Not 100% sure what that question is asking; I'd
        like to provide social auth credential -&gt; Keycloak UserModel
        associations using another source than the Keycloak database.<br>
      </div>
      <div class="gmail_extra"><br clear="all">
        <div>
          <div class="gmail_signature" data-smartmail="gmail_signature">
            <div dir="ltr"><span>
                <div>
                  <div>Josh Cain | Software Applications Engineer<br>
                  </div>
                  <i>Identity and Access Management</i><br>
                </div>
                <b>Red Hat</b><br>
                +1 843-737-1735<br>
              </span></div>
          </div>
        </div>
        <br>
        <div class="gmail_quote">On Thu, Aug 4, 2016 at 8:47 AM, Bill
          Burke <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <p>So you basically want to choose which provider a social
                login (brokered login) gets imported into?<br>
              </p>
              <div>
                <div class="h5"> <br>
                  <div>On 8/4/16 9:32 AM, Josh Cain wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <div>We've got social auth data already in a
                          data store, and other applications/enclaves
                          also use that data store, so we'd like to keep
                          it as a single source of truth (rather than
                          point additional applications to the KC
                          database, or require users to link the same
                          account manually again).<br>
                          <br>
                        </div>
                        Maybe pictures would help.  The diagram below
                        would give a high-level understanding of how the
                        current user search works with federation
                        providers:<br>
                        <img
                          src="cid:part2.B030D6D7.4C1E3D23@redhat.com"
                          height="442" width="256"><br>
                        <br>
                      </div>
                      Contrast this with the current social auth user
                      lookup process like this (example using GitHub,
                      but any social auth provider really):<br>
                      <br>
                      <img src="cid:part3.E44F47BA.4402B26A@redhat.com"
                        height="543" width="461"><br>
                      <br>
                      <div>
                        <div>
                          <div>
                            <div>When the IDP swaps the auth code for
                              the access token and is able to view the
                              user's third party information (userId,
                              name, etc), this information is referenced
                              against the Keycloak database *only*.  I'd
                              ideally like to be able to consult an
                              external lookup in order to see if
                              something else was capable of associating
                              this third party information with a
                              Keycloak UserModel.  I was wondering if a
                              flow similar to the user's federation
                              provider flow would be possible -
                              something like this:<br>
                              <br>
                              <img
                                src="cid:part4.3D748201.1B1E11A4@redhat.com"
                                height="548" width="324"><br>
                              <br>
                            </div>
                            <div>Would extending Keycloak to include an
                              SPI for this be an option?  Thoughts?<br>
                              <br>
                            </div>
                            <div>I looked at simply altering/delegating
                              one of the existing UserProvider
                              implementations, but it just feels wrong.<br>
                            </div>
                            <div><br>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                    <div class="gmail_extra"><br clear="all">
                      <div>
                        <div data-smartmail="gmail_signature">
                          <div dir="ltr"><span>
                              <div>
                                <div>Josh Cain | Software Applications
                                  Engineer<br>
                                </div>
                                <i>Identity and Access Management</i><br>
                              </div>
                              <b>Red Hat</b><br>
                              <a moz-do-not-send="true"
                                href="tel:%2B1%20843-737-1735"
                                value="+18437371735" target="_blank">+1
                                843-737-1735</a><br>
                            </span></div>
                        </div>
                      </div>
                      <br>
                      <div class="gmail_quote">On Wed, Aug 3, 2016 at
                        8:35 PM, Bill Burke <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:bburke@redhat.com"
                            target="_blank">bburke@redhat.com</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000">
                            <p>Huh?  I don't understand.<br>
                            </p>
                            <div>
                              <div> <br>
                                <div>On 8/3/16 8:19 PM, Josh Cain wrote:<br>
                                </div>
                              </div>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">
                                    <div>
                                      <div>Hi all,<br>
                                        <br>
                                      </div>
                                      I'm in a situation in which I need
                                      to consult an external source of
                                      truth in order to pull social auth
                                      credentials (outside the Keycloak
                                      database).  I'd ideally like
                                      something functionally equivalent
                                      to the UserFederationProvider, in
                                      which another source outside the
                                      user store is consulted for this
                                      information.  Is anything like
                                      that currently supported?</div>
                                    <div>
                                      <div>
                                        <div><br clear="all">
                                          <div>
                                            <div
                                              data-smartmail="gmail_signature">
                                              <div dir="ltr"><span>
                                                  <div>
                                                    <div>Josh Cain |
                                                      Software
                                                      Applications
                                                      Engineer<br>
                                                    </div>
                                                    <i>Identity and
                                                      Access Management</i><br>
                                                  </div>
                                                  <b>Red Hat</b><br>
                                                  <a
                                                    moz-do-not-send="true"
href="tel:%2B1%20843-737-1735" value="+18437371735" target="_blank">+1
                                                    843-737-1735</a><br>
                                                </span></div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                  <br>
                                  <fieldset></fieldset>
                                  <br>
                                </div>
                              </div>
                              <pre>______________________________<wbr>_________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-user</a></pre>
    </blockquote>
    

  </div>


</blockquote></div>
</div>



</blockquote>
</div></div></div></blockquote></div>
</div>



</blockquote>
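<p>The lookup discussed in the thread above (social identity to Keycloak user, consulting an external store as well as the Keycloak database), sketched as an added example that is not part of the original emails and is not Keycloak code. <code>LinkResolver</code>, <code>FederatedIdentity</code>, the lookup order (Keycloak database first, external store second) and the sample data are assumptions made for illustration; links are keyed on the IdP alias plus the provider's stable user id, so the same id from another provider never matches.</p>

```java
// Added illustration: hypothetical types, not Keycloak classes or an existing Keycloak SPI.
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class BrokeredLinkLookup {
    /** Link key: IdP alias plus the provider's stable user id (not a display name or email). */
    record FederatedIdentity(String providerAlias, String providerUserId) {}

    /** Hypothetical SPI: any store that can map a social identity to a local user id. */
    interface LinkResolver {
        Optional<String> findUserId(FederatedIdentity identity);
    }

    /** Consults resolvers in order; the first match wins (assumed order: local, then external). */
    static Optional<String> resolve(List<LinkResolver> chain, FederatedIdentity identity) {
        if (identity.providerAlias() == null || identity.providerUserId() == null
                || identity.providerUserId().isBlank()) {
            return Optional.empty(); // never match on an incomplete key
        }
        for (LinkResolver resolver : chain) {
            Optional<String> userId = resolver.findUserId(identity);
            if (userId.isPresent()) {
                return userId;
            }
        }
        return Optional.empty(); // unknown link: caller falls through to first-login handling
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the two stores.
        Map<FederatedIdentity, String> keycloakDb = Map.of(
                new FederatedIdentity("github", "1001"), "kc-user-a");
        Map<FederatedIdentity, String> externalStore = Map.of(
                new FederatedIdentity("github", "2002"), "kc-user-b");
        LinkResolver local = id -> Optional.ofNullable(keycloakDb.get(id));
        LinkResolver external = id -> Optional.ofNullable(externalStore.get(id));
        List<LinkResolver> chain = List.of(local, external);

        // Link held locally, link held only externally, same id under another IdP, blank id.
        System.out.println(resolve(chain, new FederatedIdentity("github", "1001")));
        System.out.println(resolve(chain, new FederatedIdentity("github", "2002")));
        System.out.println(resolve(chain, new FederatedIdentity("google", "2002")));
        System.out.println(resolve(chain, new FederatedIdentity("github", " ")));
    }
}
```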
</body></html>