Good night,
I've been working on the migration of the dependencies inside keycloak-proxy
(to be renamed to keycloak-generic-adapter) from Rohith's fork to its
respective upstream dependencies.
While doing the migration I found a blocker that's holding us from
move the codebase to Keycloak organization. This piece of code:
https://github.com/gambol99/keycloak-proxy/blob/master/server.go#L645-L719.
We could continue to pursue this, but that would gonna take more time.
Or we can just, move to go-oidc upstream v1 which can be fast and simple
and later we consider v2.
I believe that SkipClientIDCheck made a lot of sense when we had this
idea of having a proxy for Keycloak. But now things had changed and
we agreed that we do not aim to provide all proxy features, which
includes SkipClientIDCheck.
This does not mean that in the future we're not going to revisit this.
But we have to move forward and having working code can be better than
perfection.
Just in case you have interest on this,here's the PR which the changes
I mentioned:
https://github.com/gambol99/keycloak-proxy/pull/407
Thoughts?
--
abstractj