Re: [keycloak-dev] User ids and usernames

From: "Bill Burke" <bburke(a)redhat.com&gt; To: "Stian Thorgersen" <stian(a)redhat.com&gt; Cc: keycloak-dev(a)lists.jboss.org Sent: Friday, 7 February, 2014 1:57:56 PM Subject: Re: [keycloak-dev] User ids and usernames On 2/7/2014 3:20 AM, Stian Thorgersen wrote: > > > ----- Original Message ----- >> From: "Bill Burke" <bburke(a)redhat.com&gt; >> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >> Cc: keycloak-dev(a)lists.jboss.org >> Sent: Friday, 7 February, 2014 3:37:39 AM >> Subject: Re: [keycloak-dev] User ids and usernames >> >> >> >> On 2/6/2014 11:05 AM, Stian Thorgersen wrote: >>>> Yeah, but wanting to know username, first, last, and/or email is just so >>>> common it should be optimzied. >>> >>> Have you read OpenID Connect spec yet? Is there anything like that in >>> there? >>> >> >> I read a little bit more...and of course... its in there :) Somebody >> must be actually using this spec for real apps instead of just writing >> it. ;) >> >> A "Successful Token Response" contains the access token, expiration, and >> the ID Token. >> >> ID token can have a bunch of useful shit in it. >> >> http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims >> >> I claim OpenID work :) I'll do it after Alpha 2. > > Cool, it'll be nice to have it in :) > > How about refresh tokens? and implicit flow? We have to support implicit flow? I thought that was a huge security hole?

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com