[keycloak-dev] User ids and usernames

Bill Burke bburke at redhat.com
Thu Feb 6 09:15:41 EST 2014

On 2/6/2014 5:02 AM, Stian Thorgersen wrote:
> A user should have an id, username and email (what we have now). The id should be generated by the server and should never change for a user. The sub field in the token should use this id, not the username. Applications that want to store information associated with a specific user should also use this id, not the username or email, as the id will never change.
> That means it should be possible for a user to change his/her username. Obviously a username has to be unique within a realm. We should then allow a user to log in with either their username or their password. When a user is able to log in with their username we can also remove the forgot username option on the login form, and only have a forgot password option.
> This would also help integration with social login as now we don't have to try to create a sensible username for a user on social login. Instead we create a generated id, and don't even set a username. A user can then set the username they want through the account management (or on the update profile action page if that option is enabled).
> If there are no objections to this, I'd like to add these changes to alpha2.

Ugh, this is just a nasty change.  Usernames will rarely, if ever, 
change and I don't like the idea that users can change their username. 
A principal name of "bill" is much more coherent than 

I want to ping jboss.org guys and see if they allow changing or setting 
usernames for their social login or how they handle that scenario.

Bill Burke
JBoss, a division of Red Hat
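
Added example, not part of the original thread and not Keycloak code: a toy model of the proposal in the quoted message (server-generated immutable id, unique but changeable username, `sub` carrying the id), showing what an application sees when it keys stored data by `sub` versus by username after a rename. `Realm`, `set_username`, `token_claims` and `demo` are hypothetical names, and using the standard OIDC `preferred_username` claim to carry the username is an assumption.

```python
import uuid

class Realm:
    """Toy realm: server-generated immutable id, unique but changeable username."""
    def __init__(self):
        self.users = {}          # id -> {"username": ..., "email": ...}
        self.by_username = {}    # username -> id (uniqueness index per realm)

    def register(self, email, username=None):
        if username is not None and username in self.by_username:
            raise ValueError("username already taken in this realm")
        uid = str(uuid.uuid4())  # generated by the server, never changes
        self.users[uid] = {"username": username, "email": email}
        if username is not None:
            self.by_username[username] = uid
        return uid

    def set_username(self, uid, new_name):
        if self.by_username.get(new_name, uid) != uid:
            raise ValueError("username already taken in this realm")
        old = self.users[uid]["username"]
        if old is not None:
            del self.by_username[old]   # the old name becomes available again
        self.users[uid]["username"] = new_name
        self.by_username[new_name] = uid

    def token_claims(self, uid):
        # sub carries the id; the username travels as a display-only claim
        return {"sub": uid, "preferred_username": self.users[uid]["username"]}

def demo():
    realm = Realm()
    store_by_sub, store_by_name = {}, {}   # two ways an application might key data
    alice = realm.register("alice@example.test", "bill")   # constructed sample user
    t = realm.token_claims(alice)
    store_by_sub[t["sub"]] = "alice's notes"
    store_by_name[t["preferred_username"]] = "alice's notes"

    realm.set_username(alice, "bill2")                      # user renames herself
    other = realm.register("other@example.test", "bill")   # another user takes the freed name
    t_alice, t_other = realm.token_claims(alice), realm.token_claims(other)
    return {
        "alice_by_sub": store_by_sub.get(t_alice["sub"]),
        "other_by_sub": store_by_sub.get(t_other["sub"]),
        "alice_by_name": store_by_name.get(t_alice["preferred_username"]),
        "other_by_name": store_by_name.get(t_other["preferred_username"]),
    }
```

With data keyed by `sub`, the renamed user keeps her record and the new holder of the old name gets nothing; keyed by username, the record is lost to its owner and resolves for whoever registers the freed name.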
