I have few points regarding example applications:
- For third-party oauth client example, there is not possibility to
configure stuff through JSON but everything is hardcoded in classes
Bootstrap and ProductDatabaseClient. There are also some strange
comments in code like "This is the worst code ever" etc :-) This is not
so ideal IMO as I expect that people will often look to the source code
of these examples for inspiration. I believe that OAuth clients should
also have something like ManagedResourceConfigLoader for Applications.
- For the "third-party" OAuth client, I don't like the fact that when
user press "Cancel" in OAuth grant page, there is exception in
server.log and Tomcat error page displayed. I believe the behaviour
should be more user-friendly.
- Examples "customer-portal", "product-portal",
"database-service" and
"oauth-client" are using package "org.jboss.reasteasy..." instead of
"org.keycloak..."
Any thoughts? Let me know if I should create JIRA or help with fixing those.
Marek