+1 This is very nice

We can't accept this for 1.9.x, but would love to include it in 2.0 if you can complete the work. We'll create a branch for 1.9.x very soon, once that's done we can start accepting PRs for 2.0.

Would be great if you carry on work on this feature and do a PR. We'd need tests as well as documentation, it would also be good with some examples.

BTW could you give us some step-by-step instructions on how to try it out? I'm to lazy/busy to figure it out on my own.

On 10 February 2016 at 06:12, Bill Burke <bburke@redhat.com> wrote:
This is really cool.


On 2/9/2016 5:48 PM, Thomas Darimont wrote:
Hello group,

I built a little prototype [0] for script based authenticators inspired by a discussion on the keycloak-users mailing list - 
think it was about post broker authentication checks, e.g. if the user has an email address that belongs to the google apps domain...

I introduced a ScriptBasedAuthenticator that is bootstraped via a
ScriptBasedAuthenticatorFactory can be execute a configured script
via a JSR-223 ScriptEngine against a provided execution context.

I also added a new "script" value type for proper rendering in the UI as well as an alias property 
to the AuthFlowExecutionRepresentation in order to be able to differentiate multiple instances of an Authenticator
within the same AuthFlow - this comes pretty close to having Auth0  like scriptable rules in Keycloak.

For convenient editing I added the AngularJS bindings for the popular ACE editor.

Looking forward to your thoughts :)

Cheers,
Thomas



_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev