From: "Stan Silvert" <ssilvert(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, January 23, 2015 2:47:20 PM
Subject: Re: [keycloak-dev] Shortening URLs
On 1/23/2015 8:45 AM, Stan Silvert wrote:
> So if it's something the user needs to remember, let's make it super easy:
>
>
http://foo.com/stan
>
> Of course then we would need to either enforce that they only create one
> realm So for multiple realms we could make it:
>
>
http://realm.foo.com/stan
I mean
http://realmname.foo.com
I don't think that'll work - if we drop '/realms/' part we would have to
move everything under a realm
>
> On 1/23/2015 8:20 AM, Stian Thorgersen wrote:
>> ----- Original Message -----
>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>> Cc: keycloak-dev(a)lists.jboss.org
>>> Sent: Friday, January 23, 2015 2:10:00 PM
>>> Subject: Re: [keycloak-dev] Shortening URLs
>>>
>>> On 1/23/2015 8:06 AM, Stian Thorgersen wrote:
>>>> ----- Original Message -----
>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>> To: keycloak-dev(a)lists.jboss.org
>>>>> Sent: Friday, January 23, 2015 2:01:23 PM
>>>>> Subject: Re: [keycloak-dev] Shortening URLs
>>>>>
>>>>> I like the idea of an option to bind the auth server to the root
>>>>> context. I think that would be especially good for the appliance
>>>>> dist.
>>>>>
>>>>> But I'm not sure about the rest. What is the problem we are
solving?
>>>> Shorter and easier to remember URLs ;)
>>>>
>>>> At least one the account will be something that users access directly.
>>> Which one is the URL that they will need to remember? Maybe we could
>>> make an alias.
>> Account is accessible by users directly:
>> -
http://localhost:8080/auth/realms/master/account
>>
>> BTW why not change it? If it can make things simpler for users. Devs that
>> don't use our adapters, but use standard openid connect libs for example,
>> will need to figure out all urls and configure them in the lib their
>> using.
>>
>>>>> On 1/23/2015 6:23 AM, Stian Thorgersen wrote:
>>>>>> Our URLs are quite long, examples:
>>>>>>
>>>>>> *
>>>>>>
http://localhost:8080/auth/realms/master/protocols/openid-connect/login
>>>>>> *
http://localhost:8080/auth/realms/master/account
>>>>>>
>>>>>> We could remove the 'realms' part and
'protocols' parts couldn't we?
>>>>>>
>>>>>> *
http://localhost:8080/auth/master/oidc/login
>>>>>> *
http://localhost:8080/auth/master/account
>>>>>>
>>>>>> That would require moving everything under a realm and I guess
we'd
>>>>>> need
>>>>>> to
>>>>>> hard-wire the protocols, but I think that should be fine.
>>>>>>
>>>>>> We also need to make sure we can just the root context:
>>>>>>
>>>>>> *
http://localhost:8080/master/oidc/login
>>>>>> *
http://localhost:8080/master/account
>>>>>>
>>>>>> We can also introduce other mechanisms to select the realm. For
>>>>>> example a
>>>>>> server with single realm can just omit it altogether:
>>>>>>
>>>>>> *
http://localhost:8080/oidc/login
>>>>>> *
http://localhost:8080/account
>>>>>>
>>>>>> And we could allow setting what domains uses what realms:
>>>>>>
>>>>>> *
http://keycloak-master/oidc/login
>>>>>> *
http://keycloak-other/oidc/login
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-dev mailing list
>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>> _______________________________________________
>>>>> keycloak-dev mailing list
>>>>> keycloak-dev(a)lists.jboss.org
>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev