I think it's a good idea to split the notion of client and application/service. Not
sure I quite understand exactly what you are proposing would look like though.
We should gather requirements around "re-structuring" the model, and try to
cover all basis. Some things to consider:
* WildFly (JavaEE deployments specifically) - how to best integrate with WildFly and
JavaEE deployments
* non-JavaEE containers - can we provide a similar experience on non-JavaEE containers
(LiveOak, Vert.x, etc.)
* Client types - service, html5, mobile, desktop
* Devices - phones, browsers, servers, computers
* Applications - resources that are accessed, so they don't need credentials. They
don't have redirect uris, these should be associated with a client I think
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, 27 January, 2014 5:08:54 PM
Subject: [keycloak-dev] new client type: "server"
Stan's work on the Wildfly subsystem got me thinking about how we might
want to reorganize keycloak. Since multiple applications may often be
deployed on the same server, what if we split the notion of Application
and client? Application would be a place to define application roles
and application scope only. A server can be associated with multiple
applications.
For config/bootstrapping, the user would specify a server in the admin
console and set up trust between the two. Then the user could import
deployments from a server and associate them with a realm and even
download the the roles of each of these deployments and create
Applications from them. For OAuth tokens, server would specify the
server's client_id as well as a scope. The scope would be the
Application the server is asking a token for.
So, a server would have:
* a client_id
* credentials
* admin URL
* be associated with one or more Applications
Application would have:
* roles
* valid redirect urls (which are associated with a server)
* scope
* sessions (view who's logged in where into what server)
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev