Re: [keycloak-dev] User SPI cache policies

Could we not do it as a special first authenticator in the flow?

On 31 October 2016 at 14:08, Bill Burke <bburke(a)redhat.com&gt; wrote: > > On 10/31/16 8:51 AM, Stian Thorgersen wrote: > > > > On 31 October 2016 at 13:49, Bill Burke <bburke(a)redhat.com&gt; wrote: > >> >> On 10/31/16 1:48 AM, Stian Thorgersen wrote: >> >>> What about evict on authenticate (load from store when user >>> authenticates)? I think that would be the most useful policy. >>> >>> That would need to be implemented at the authenticator level. > > Implementation details aside, should we not have it? It seems like the > most likely time you want to fetch the user and especially credentials. > > > Yeah, its a great idea. Implementation details matter though as I'm not > sure this can be reliably done without coding this in each top-level > authenticator and requiring an authenticator provider developer to be aware > of this policy. > > Bill > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev