Re: [keycloak-dev] User ids and usernames

From: "Bill Burke" <bburke(a)redhat.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Thursday, 6 February, 2014 2:15:41 PM Subject: Re: [keycloak-dev] User ids and usernames On 2/6/2014 5:02 AM, Stian Thorgersen wrote: > A user should have an id, username and email (what we have now). The id > should be generated by the server and should never change for a user. The > sub field in the token should use this id, not the username. Applications > that wants to store information associated with a specific user should > also use this id, not the username or email, as the id will never change. > > That means it should be possible for a user to change his/her username. > Obviously a username has to be unique within a realm. We should then allow > a user to login with either their username or their password. When a user > is able to login with their username we can also remove the forgot > username option on the login form, and only have a forgot password option. > > This would also help integration with social login as now we don't have to > try to create a sensible username for a user on social login. Instead we > create a generated id, and don't even set a username. A user can then set > the username they want through the account management (or on the update > profile action page if that option is enabled). > > If there's no objections to this, I'd like to add these changes to alpha2. Ugh, this is just a nasty change. usernames will rarely, if ever, change and I don't like the idea that users can change their username. A principal name of "bill" is much more coherent than "2341235234234-234123-234123-2341234".

I want to ping jboss.org guys and see if they allow changing or setting usernames for their social login or how they handle that scenario.

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev