+1
OIDC standard claims seem like a great set of attributes to start with.
Perhaps out of scope, but unique attribute values per user would be really
nice. A generic way to add more identifiers to users.
On Tue, 14 Mar 2017 at 10:14 Stian Thorgersen <sthorger(a)redhat.com> wrote:
At the moment there is no single point to define validation for a
user.
Even worse for the account management console and admin console it's not
even possible to define validation for custom attributes.
Also, as there is no defined list of attributes for a user there the
mapping of user attributes is error prone.
I'd like to introduce a Profile SPI to help with this. It would have
methods to:
* Validate users during creation and updates
* List defined attributes on a user
There would be a built-in provider that would delegate to ProfileAttribute
SPI. ProfileAttribute SPI would allow defining configurable providers for
single user attributes. I'm also considering adding a separate Validation
SPI, so a ProfileAttribute provider could delegate validation to a separate
validator.
Users could also implement their own Profile provider to do whatever they
want. I'd like to aim to make the SPI a supported SPI.
First pass would focus purely on validation. Second pass would focus on
using the attribute metadata to do things like:
* Have dropdown boxes in mappers to select user attribute instead of
copy/pasting the name
* Have additional built-in attributes on registration form, update profile
form and account management console that can be enabled/disabled by
defining the Profile. I'm not suggesting a huge amount here and it will be
limited to a few sensible attributes. Defining more complex things like
address would still be done through extending the forms.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev