I have few points regarding example applications:
- For third-party oauth client example, there is not possibility to
configure stuff through JSON but everything is hardcoded in classes
Bootstrap and ProductDatabaseClient. There are also some strange
comments in code like "This is the worst code ever" etc :-) This is
not so ideal IMO as I expect that people will often look to the
source code of these examples for inspiration. I believe that OAuth
clients should also have something like ManagedResourceConfigLoader
for Applications.
- For the "third-party" OAuth client, I don't like the fact that
when user press "Cancel" in OAuth grant page, there is exception in
server.log and Tomcat error page displayed. I believe the behaviour
should be more user-friendly.
- Examples "customer-portal", "product-portal", "database-service"
and "oauth-client" are using package "org.jboss.reasteasy..."
instead of "org.keycloak..."
Any thoughts? Let me know if I should create JIRA or help with
fixing those.
Marek