Re: [keycloak-dev] Create Principal instance with username instead?

Friday, 31 October 2014

-1

We should stick with ID as we can guarantee that it's unique (in the future).

If app starts using the username in their dbs you can end up with situations where the
wrong user gets access to things he shouldn't. For example:

* If user with username userA is removed from Keycloak, then later a new user is
registered as userA
* If we support changing username in the future (this is on the road-map, and IMO it makes
sense to add this with a toggle in the realm to enable/disable)

What difference does it make if it's ugly? If apps wants to display details about the
user they should get the profile. Sadly there's no direct support for this in
Principal.

----- Original Message -----
...
 From: "Bill Burke" <bburke(a)redhat.com&gt;
 To: keycloak-dev(a)lists.jboss.org
 Sent: Thursday, 30 October, 2014 11:29:59 PM
 Subject: [keycloak-dev] Create Principal instance with username instead?

 Right no UserPrincipal is created in the adapters using the user id.
 For strictly pure Servlet apps, an ID is pretty ugly.  I don't want to
 force them to use keycloak code.

 So...is it ok to populate the principal name with
 accessToken.getPreferredUsername()?

 --
 Bill Burke
 JBoss, a division of Red Hat
 http://bill.burkecentral.com
 _______________________________________________
 keycloak-dev mailing list
 keycloak-dev(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-dev

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Re: [keycloak-dev] Create Principal instance with username instead?