[keycloak-dev] Feedback on OAuth Clients

Bill Burke bburke at redhat.com
Thu Oct 3 09:59:15 EDT 2013


I need some feedback on how to handle OAuth Clients.  OAuth clients are 
like Applications in that Keycloak is used to log in, but OAuth clients 
are required to be forwarded through the OAuth Grant Page.  Users must 
directly grant permission to the OAuth client to access stuff.  OAuth 
clients will also not be hooked into Single Logout or the session 
management facilities I hope to incorporate into Keycloak.  OAuth 
clients will also not have roles associated with them.

The way Google does it is that they require you to log in using your 
Google account, then you create applications within their cloud service 
app.  Applications get their own unique client-id and password and you 
then assign permissions to this application.

I was thinking we should do something similar for Keycloak.

For our first release, we'll have a specific Admin UI in which you can 
create OAuth clients in much the same way you create applications.

For phase 2, I was thinking that the user account management would be 
expanded to have an option (if allowed by the realm) for creating and 
registering an OAuth client.  The user would then have a client-id 
generated for them and they would have to set up credentials for this 
client-id.
-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

