[keycloak-dev] url problem with login/account mgmt

[Stian Thorgersen]

I think we should remove the realm id, but require the realm name to be unique instead. For an online SaaS this is a first come first serve, as most other things (OpenShift, Gmail, etc). 

Also, for the SaaS you'd probably want to have URLs like:

realname.keycloak.org/rest/tokens

instead of (or in addition to)

keycloak.org/rest/realname/tokens


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 27 November, 2013 3:50:14 PM
> Subject: [keycloak-dev] url problem with login/account mgmt
> 
> Apps may want to have a link back to login, logout, and account
> management.  The problem is this link has the form of:
> 
> /realms/{id}
> 
> Where {id} is this huge generated id.  We do this because realm names
> may not be unique in multi-tenancy environments.  While our public cloud
> plans are to create a dedicated server instance for a company, we may
> want to support multi-tenancy in the future.  So I think this has to stay.
> 
> What sucks is how can an app developer find out this id?  We can show
> the ID in the admin console and/or even have a "base url" field for the
> realm with a "Copy to Clipboard" button.  The adapters could set
> HttpServletRequest parameters pointing to logout and acct mgmt URLs too.
>   Any other ideas/concerns?

As well as adapters I think we should have SDKs. These should make it easy to get these URLs, as well as other things like for example retrieving the full user profile

> 
> Bill
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>