Oh, I understand. So uniqueness requirements are like that:
Unique: _id
Unique: owner + name
Is it correct?
In my app, a same owner can have resources with the same ID, provided that
they have different types.
e.g. a user "Paul" can have a car named "Megane" and a child named
"Megane"
(sorry for that example).
I don't have resources belonging to the resource server (only to users).
Anyway, I don't understand the reason behind the uniqueness requirement for
owner+name? Isn't the _id sufficient?
On Wed, Oct 23, 2019 at 6:42 PM Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hi Corentin,
The name is unique for a same client and owner. Different owners can have
resources with a same name. Or are you talking about resources owned by the
resource server itself ?
On Wed, Oct 23, 2019 at 10:25 AM Corentin Dupont <
corentin.dupont(a)gmail.com> wrote:
> Hi guys,
> I was wondering why BOTH resource name and id have to be unique.
> Wouldn't only unique ID be enough? Why also name?
> This is causing me trouble because my users can choose the resource name.
>
> Another problem is that for me different resource types can have the same
> ID.
> e.g. a resource of type A can have the same ID than a resource of type B.
> How can that be solved in Keycloak? By prefixing both ID and name with
> the type?
> Thanks
>
>
> On Tue, Jul 2, 2019 at 10:28 PM Corentin Dupont <
> corentin.dupont(a)gmail.com> wrote:
>
>> Hi Pedro,
>> What I wondered is why the name (beside the ID) should be unique?
>> Regarding type, my point was that in my app resources with different
>> types can have the same ID.
>>
>> On Thu, Jun 27, 2019 at 2:53 PM Pedro Igor Silva <psilva(a)redhat.com>
>> wrote:
>>
>>> Hi Corentin,
>>>
>>> One of the main reasons to allow setting the ID is to make easier to
>>> map resources managed by Keycloak to those you are protecting in your app.
>>>
>>> The IDs must be unique.
>>>
>>> It is not clear to me why the type is not enough?
>>>
>>> On Thu, Jun 27, 2019 at 5:28 AM Corentin Dupont <
>>> corentin.dupont(a)gmail.com> wrote:
>>>
>>>> Hi guys,
>>>> I discovered that you can provide your own id when creating resources:
>>>>
>>>> curl -X POST "
>>>>
http://localhost:8080/auth/realms/waziup/authz/protection/resource_set"
>>>> -H
>>>> "Authorization: Bearer $CLIENTTOKEN" -H "Content-Type:
>>>> application/json" -d
>>>> '{*"_id": "123-456"*, "type":
"test", "name":"test",
>>>>
>>>>
"scopes":["sensors:create","sensors:view","sensors:update","sensors:delete"],"owner":"cdupont",
>>>> "ownerManagedAccess": true}'
>>>>
>>>> This is very practical for synchronizing the resources with my own
>>>> database.
>>>> After some investigation, I found:
>>>> - the ID should be unique
>>>> - the name should be unique
>>>>
>>>> Is that correct? The resource type is not used in the unicity.
>>>> In my application database, resources with different types are stored
>>>> in
>>>> different collections, so two resources with different types *can*
>>>> have the
>>>> same ID.
>>>> How do you suggest to solve this in Keycloak? Providing a keycloak ID
>>>> of
>>>> the form <type>-<ID> for example? e.g. sensor-123 and
project-123
>>>> would not
>>>> collide.
>>>>
>>>> Cheers
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>