I don't have kcreg.bat yet ... contributions welcome :)

Making it part of keycloak server distro makes sense. OTOH I believe we have some developers that just deal with HTML5 web apps who don't have Keycloak Server installed locally. If that was the only way to get kcreg they would have to download the whole server just to get the tool. For them it makes sense to also have a separate CLI Tools download. 


On Fri, Jul 22, 2016 at 9:40 AM, Stian Thorgersen <sthorger@redhat.com> wrote:
One more:

* How should we distribute it? I propose we just add kcreg.sh/kcreg.bat + the JAR to the bin directory of the server

On 22 July 2016 at 09:33, Stian Thorgersen <sthorger@redhat.com> wrote:
A few questions from me:

* Is it possible to view the returned JSON when creating and updating a client? This contains values filled in by the server, including the registration access token.
* Should we not enable pretty print by default?
* --cache isn't the most intuitive name, I don't have a better suggestion though
* Docs should be moved to Gitbook "Securing Clients and Applications guide"
* When creating clients and later updating them I assume it uses the registration access token from the cache?
* A nice addition would be the ability to list attributes from ClientRepresentation so it's easy to discover what attributes can be set
* What about setting/changing complex attributes, how does that look like? Can we add/remove to an array? Add/remove elements to a complex object? Something like JSON patch could be nice https://tools.ietf.org/html/rfc6902

On 22 July 2016 at 09:26, Stian Thorgersen <sthorger@redhat.com> wrote:
It should be fairly easy to add support for OTP as well as the direct grant supports that. The user would have to specify to use OTP though.

On 21 July 2016 at 19:15, Bruno Oliveira <bruno@abstractj.org> wrote:
Nice work Marko! I had two (not big deal) questions. First, when you
specify the --cache parameters as you did for SAML, could the cache file be omitted?

For example: kcreg --cache -r saml-realm ...

I was thinking that once you specified the realm name, the API will just
look for ~/.keycloak/saml-realm.cache. It's just an idea.

Second question, is more like something to think if worth to take
into consideration. Most of the examples that I saw, make use of
username/password. But if the admin enables two factor authentication,
she might be unable to use our client-reg CLI, or enforce weaken security only
to make use of the CLI.

Is OTP support planned for further iterations?


On 2016-07-21, Marko Strukelj wrote:
> And if anyone wants to get their feet wet already:
>
> https://github.com/mstruk/keycloak/tree/cli-reg/integration/client-registration-cli-tool
>
>
> On Thu, Jul 21, 2016 at 4:06 PM, Stian Thorgersen <sthorger@redhat.com>
> wrote:
>
> > Great work Marko!
> >
> > As we didn't have time to go through feedback let's use this thread for
> > it. Add your questions and comments here please.
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev@lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >

> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


--

abstractj
PGP: 0x84DC9914