[keycloak-dev] social roles

Stian Thorgersen stian at redhat.com
Tue Jul 30 11:40:36 EDT 2013


I'm a bit confused...

Keycloak retrieves the user profile information from whatever social provider is used at login-time, which is then saved to IDM. An application that can retrieve user profiles from IDM can obtain any details obtained from a social provider. I guess that information could be split into:

* Basic - name, username
* Email
* Full - address, dob, etc.

Whether or not this information came from the registration form or Facebook shouldn't make any difference in how an application obtains the information. That reminds me that an application needs to be able to configure what fields the registration form contains (including which are optional).

Gathering more information from a social provider (such as tweets, contacts, etc.) is out of the scope of Keycloak. If an application wants this they would need to use their own key/secret for the provider. They would also need to have a way to configure what scopes Keycloak requests + be able to retrieve the access token (this probably doesn't need to be saved in Keycloak, just returned when the user logs in).

Having an additional Social SaaS that integrates with Keycloak would certainly be nice in the long run. In this case there would be loads more that can be retrieved. This is a relatively tricky thing to do as social sites differ quite a lot in their concepts. For example Twitter has tweets and followers, while Google has posts and circles. Creating a uniform API for multiple social sites is not trivial, certainly not when you want to post/upload information as well as retrieve it.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 30 July, 2013 1:55:09 PM
> Subject: [keycloak-dev] social roles
> 
> Each realm will probably need a set of roles that pertain to social
> permissions i.e. : email-request, contacts, etc.  We need to compile a
> list of them...
> 
> We'll then assign scope mappings to registered applications and oauth
> clients if social is enabled for the realm.
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com

