Re: [keycloak-dev] User SPI cache policies
Could we not do it as a special first authenticator in the flow?
On 31 October 2016 at 14:08, Bill Burke <bburke(a)redhat.com> wrote:
On 10/31/16 8:51 AM, Stian Thorgersen wrote:
On 31 October 2016 at 13:49, Bill Burke <bburke(a)redhat.com> wrote:
>
>
> On 10/31/16 1:48 AM, Stian Thorgersen wrote:
>
>> What about evict on authenticate (load from store when user
>> authenticates)? I think that would be the most useful policy.
>>
>> That would need to be implemented at the authenticator level.
Implementation details aside, should we not have it? It seems like the
most likely time you want to fetch the user and especially credentials.
Yeah, its a great idea. Implementation details matter though as I'm not
sure this can be reliably done without coding this in each top-level
authenticator and requiring an authenticator provider developer to be aware
of this policy.
Bill