Re: [keycloak-dev] Shortening URLs

From: "Stan Silvert" <ssilvert(a)redhat.com&gt; To: "Stian Thorgersen" <stian(a)redhat.com&gt; Cc: keycloak-dev(a)lists.jboss.org Sent: Friday, January 23, 2015 3:06:44 PM Subject: Re: [keycloak-dev] Shortening URLs On 1/23/2015 8:52 AM, Stian Thorgersen wrote: > > ----- Original Message ----- >> From: "Stan Silvert" <ssilvert(a)redhat.com&gt; >> To: keycloak-dev(a)lists.jboss.org >> Sent: Friday, January 23, 2015 2:47:20 PM >> Subject: Re: [keycloak-dev] Shortening URLs >> >> On 1/23/2015 8:45 AM, Stan Silvert wrote: >>> So if it's something the user needs to remember, let's make it super >>> easy: >>> >>> http://foo.com/stan >>> >>> Of course then we would need to either enforce that they only create one >>> realm So for multiple realms we could make it: >>> >>> http://realm.foo.com/stan >> I mean http://realmname.foo.com > I don't think that'll work - if we drop '/realms/' part we would have to > move everything under a realm The simplified URL would only be for that one use case we need to solve. Everything else would work the old way. I'm just thinking that if there is something the user needs to memorize then we should make it really, really easy to memorize.

> >>> On 1/23/2015 8:20 AM, Stian Thorgersen wrote: >>>> ----- Original Message ----- >>>>> From: "Stan Silvert" <ssilvert(a)redhat.com&gt; >>>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>> Sent: Friday, January 23, 2015 2:10:00 PM >>>>> Subject: Re: [keycloak-dev] Shortening URLs >>>>> >>>>> On 1/23/2015 8:06 AM, Stian Thorgersen wrote: >>>>>> ----- Original Message ----- >>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com&gt; >>>>>>> To: keycloak-dev(a)lists.jboss.org >>>>>>> Sent: Friday, January 23, 2015 2:01:23 PM >>>>>>> Subject: Re: [keycloak-dev] Shortening URLs >>>>>>> >>>>>>> I like the idea of an option to bind the auth server to the root >>>>>>> context. I think that would be especially good for the appliance >>>>>>> dist. >>>>>>> >>>>>>> But I'm not sure about the rest. What is the problem we are solving? >>>>>> Shorter and easier to remember URLs ;) >>>>>> >>>>>> At least one the account will be something that users access directly. >>>>> Which one is the URL that they will need to remember? Maybe we could >>>>> make an alias. >>>> Account is accessible by users directly: >>>> - http://localhost:8080/auth/realms/master/account >>>> >>>> BTW why not change it? If it can make things simpler for users. Devs >>>> that >>>> don't use our adapters, but use standard openid connect libs for >>>> example, >>>> will need to figure out all urls and configure them in the lib their >>>> using. >>>> >>>>>>> On 1/23/2015 6:23 AM, Stian Thorgersen wrote: >>>>>>>> Our URLs are quite long, examples: >>>>>>>> >>>>>>>> * >>>>>>>> http://localhost:8080/auth/realms/master/protocols/openid-connect/login >>>>>>>> * http://localhost:8080/auth/realms/master/account >>>>>>>> >>>>>>>> We could remove the 'realms' part and 'protocols' parts couldn't we? >>>>>>>> >>>>>>>> * http://localhost:8080/auth/master/oidc/login >>>>>>>> * http://localhost:8080/auth/master/account >>>>>>>> >>>>>>>> That would require moving everything under a realm and I guess we'd >>>>>>>> need >>>>>>>> to >>>>>>>> hard-wire the protocols, but I think that should be fine. >>>>>>>> >>>>>>>> We also need to make sure we can just the root context: >>>>>>>> >>>>>>>> * http://localhost:8080/master/oidc/login >>>>>>>> * http://localhost:8080/master/account >>>>>>>> >>>>>>>> We can also introduce other mechanisms to select the realm. For >>>>>>>> example a >>>>>>>> server with single realm can just omit it altogether: >>>>>>>> >>>>>>>> * http://localhost:8080/oidc/login >>>>>>>> * http://localhost:8080/account >>>>>>>> >>>>>>>> And we could allow setting what domains uses what realms: >>>>>>>> >>>>>>>> * http://keycloak-master/oidc/login >>>>>>>> * http://keycloak-other/oidc/login >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> keycloak-dev mailing list >>>>>>>> keycloak-dev(a)lists.jboss.org >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>>>>>> _______________________________________________ >>>>>>> keycloak-dev mailing list >>>>>>> keycloak-dev(a)lists.jboss.org >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>>>>>> >>> _______________________________________________ >>> keycloak-dev mailing list >>> keycloak-dev(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>