On 12/12/2013 12:35 PM, Marek Posolda wrote:
On 11.12.2013 14:10, Bill Burke wrote:
>
> On 12/10/2013 11:45 AM, Marek Posolda wrote:
>> I have a few points regarding example applications:
>>
>> - For third-party oauth client example, there is no possibility to
>> configure stuff through JSON but everything is hardcoded in classes
>> Bootstrap and ProductDatabaseClient. There are also some strange
>> comments in code like "This is the worst code ever" etc :-) This is not
>> so ideal IMO as I expect that people will often look to the source code
>> of these examples for inspiration. I believe that OAuth clients should
>> also have something like ManagedResourceConfigLoader for Applications.
>>
> Feel free to write a better example with CDI or Spring and expand out
> the oauth client framework code.
I've sent PR
https://github.com/keycloak/keycloak/pull/134 . Third-party
application rewritten to use CDI+JSF and now it reads the configuration
from JSON file. I've added ManagedOAuthClientConfigLoader (subclass of
ManagedResourceConfigLoader) for support of reading configuration of
OAuth clients from JSON files.
I've also created JIRA
https://issues.jboss.org/browse/KEYCLOAK-231 and
implemented it in my PR as currently our adapters (both OAuthClient and
Applications) don't have any support for sending "scope" parameter to
Keycloak server.
So now if you have something like this in keycloak.json configuration of
your application or oauth-client:
    "scope" : {
        "realm" : [ "user" ]
    }
I'm not sure we need a "scope" parameter. Scope is already configured
and defined within the admin console for each application and/or oauth
client. Apps/oauth clients just can't ask for any role they want, they
must have permission to ask for that role. The only purpose a "scope"
parameter would provide would be to reduce the size of the access token.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
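
Added example, not part of the original thread and not Keycloak code: a sketch of the model described in the reply above, where the scope configured for a client is a server-side ceiling and a requested "scope" can only narrow the roles placed in the access token. The class name, method name, role names and the choice to silently drop unpermitted roles are assumptions made for illustration.

```java
import java.util.*;

// Added illustration; class and method names are hypothetical, not Keycloak APIs.
public class ScopeResolutionExample {

    /**
     * Roles that end up in the access token.
     * userRoles:    roles the authenticated user holds in the realm
     * allowedScope: roles the admin has permitted this client to ask for
     * requested:    optional "scope" sent by the client (null = not sent)
     */
    static Set<String> effectiveRoles(Set<String> userRoles,
                                      Set<String> allowedScope,
                                      Set<String> requested) {
        // Server-side ceiling: the client never receives roles outside its configured scope.
        Set<String> granted = new TreeSet<>(userRoles);
        granted.retainAll(allowedScope);
        // A requested scope can only narrow the grant; unpermitted roles are dropped, never added.
        if (requested != null) {
            granted.retainAll(requested);
        }
        return granted;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> userRoles = new HashSet<>(Arrays.asList("user", "admin", "auditor"));
        Set<String> allowedScope = new HashSet<>(Arrays.asList("user", "auditor"));

        // No scope parameter: everything the client is permitted to see.
        System.out.println(effectiveRoles(userRoles, allowedScope, null));
        // "scope" : { "realm" : [ "user" ] } yields a smaller token.
        System.out.println(effectiveRoles(userRoles, allowedScope,
                Collections.singleton("user")));
        // Asking for a role outside the configured scope grants nothing extra.
        System.out.println(effectiveRoles(userRoles, allowedScope,
                new HashSet<>(Arrays.asList("user", "admin"))));
    }
}
```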