[keycloak-dev] User ids and usernames

Stian Thorgersen stian at redhat.com
Fri Feb 7 09:00:50 EST 2014



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 7 February, 2014 1:57:56 PM
> Subject: Re: [keycloak-dev] User ids and usernames
> 
> 
> 
> On 2/7/2014 3:20 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Friday, 7 February, 2014 3:37:39 AM
> >> Subject: Re: [keycloak-dev] User ids and usernames
> >>
> >>
> >>
> >> On 2/6/2014 11:05 AM, Stian Thorgersen wrote:
> >>>> Yeah, but wanting to know username, first, last, and/or email is just so
> >>>> common it should be optimized.
> >>>
> >>> Have you read OpenID Connect spec yet? Is there anything like that in
> >>> there?
> >>>
> >>
> >> I read a little bit more...and of course... it's in there :)  Somebody
> >> must be actually using this spec for real apps instead of just writing
> >> it. ;)
> >>
> >> A "Successful Token Response" contains the access token, expiration, and
> >> the ID Token.
> >>
> >> ID token can have a bunch of useful shit in it.
> >>
> >> http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
> >>
> >> I claim OpenID work :)  I'll do it after Alpha 2.
> >
> > Cool, it'll be nice to have it in :)
> >
> > How about refresh tokens? and implicit flow?
> 
> We have to support implicit flow?  I thought that was a huge security hole?

Not sure tbh - let's leave it and consider again if we get demand

> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

