----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, January 23, 2015 3:36:09 PM
Subject: Re: [keycloak-dev] Shortening URLs
On 1/23/2015 6:23 AM, Stian Thorgersen wrote:
> Our URLs are quite long, examples:
>
> *
http://localhost:8080/auth/realms/master/protocols/openid-connect/login
> *
http://localhost:8080/auth/realms/master/account
>
> We could remove the 'realms' part and 'protocols' parts couldn't
we?
>
> *
http://localhost:8080/auth/master/oidc/login
> *
http://localhost:8080/auth/master/account
>
> That would require moving everything under a realm and I guess we'd need to
> hard-wire the protocols, but I think that should be fine.
>
Wouldn't work for multiple reasons.
* protocols/* exists to be able to plugin different protocols (oidc,
saml, etc.)
Yes, but couldn't we just hard-code it?
* Because of the crappy way JAX-RS dispatch algorithm handles
wildcards
for both resource classes and resource locators we need both a "realms"
and "protocols" qualifier.
Even if we moved all other paths under /auth/?
Its really funny you bring this up now because I've renewed my argument
with JAX-RS JSR just 2 minutes ago! Synchronicity!
> We also need to make sure we can just the root context:
>
> *
http://localhost:8080/master/oidc/login
> *
http://localhost:8080/master/account
>
> We can also introduce other mechanisms to select the realm. For example a
> server with single realm can just omit it altogether:
>
> *
http://localhost:8080/oidc/login
> *
http://localhost:8080/account
>
> And we could allow setting what domains uses what realms:
>
> *
http://keycloak-master/oidc/login
> *
http://keycloak-other/oidc/login
>
You don't think its better to have URLS be consistent?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev