On 14 March 2017 at 12:21, Marek Posolda <mposolda(a)redhat.com> wrote:
Few things:
- It will be good to have some OOTB support for multivalued attributes.
You will be able to define if attribute is multivalued and then in
registration/account pages, users will see something like we have in admin
console for "redirect uris" or "web origins" in client detail page.
Any multi valued attributes would have to be done through custom extension
to the account management console and login pages. The built-in properties
we'll provide just don't need multi values (first name, dob, etc..)
- Besides validation, it may be useful to add some "actions" when
attribute is changed? For example if user changes email, there will be the
optional action, which will switch "emailVerified" to false and put the
"VerifyEmail" required action on him. When he changes mobile number, it
will send him SMS and he will need to confirm it somehow (perhaps again
through required action), etc.
Yes, not quite sure how to do that though. There's a few built-in providers
we'd like (make email not verified if changed, etc.), but users should also
be able add their own.
- It will be probably useful to allow admin to skip validation (and
actions) for certain attributes. Maybe validators could have an option like
"Skip admin" or something like that? Or should we always skip the
validations for admin?
Dunno - why should an admin be allowed to bypass validation? Validation is
there to make sure the details in the DB is accurate.
Marek
On 14/03/17 10:13, Stian Thorgersen wrote:
> At the moment there is no single point to define validation for a user.
> Even worse for the account management console and admin console it's not
> even possible to define validation for custom attributes.
>
> Also, as there is no defined list of attributes for a user there the
> mapping of user attributes is error prone.
>
> I'd like to introduce a Profile SPI to help with this. It would have
> methods to:
>
> * Validate users during creation and updates
> * List defined attributes on a user
>
> There would be a built-in provider that would delegate to ProfileAttribute
> SPI. ProfileAttribute SPI would allow defining configurable providers for
> single user attributes. I'm also considering adding a separate Validation
> SPI, so a ProfileAttribute provider could delegate validation to a
> separate
> validator.
>
> Users could also implement their own Profile provider to do whatever they
> want. I'd like to aim to make the SPI a supported SPI.
>
> First pass would focus purely on validation. Second pass would focus on
> using the attribute metadata to do things like:
>
> * Have dropdown boxes in mappers to select user attribute instead of
> copy/pasting the name
> * Have additional built-in attributes on registration form, update profile
> form and account management console that can be enabled/disabled by
> defining the Profile. I'm not suggesting a huge amount here and it will be
> limited to a few sensible attributes. Defining more complex things like
> address would still be done through extending the forms.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>