[keycloak-dev] Refactoring Model

Stian Thorgersen stian at redhat.com
Thu Feb 27 04:45:27 EST 2014

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, 27 February, 2014 3:08:13 AM
> Subject: Re: [keycloak-dev] Refactoring Model
> Ok, I did the first phase of this.  Most code is now dealing with
> ClientModel rather than UserModel in the TokenService, et. al.
> I hope nobody is working on anything major :) I'm just trying to avoid
> duplicating a lot of code.  I"d also like to eventually not use a User
> to model any type of client as I'm worried about username clashes and such.

+1 Assuming you're talking about getting rid of ClientModel.get/setAgent and just pulling all required fields from UserModel into ClientModel. It would also be nice to remove the "special" roles we have (KEYCLOAK_APPLICATION and KEYCLOAK_IDENTITY_REQUESTER).

One idea I had was to rename ApplicationModel to ResourceModel. A resource would only have name and roles. No web-origins, redirect-uris, secret or scope mapping. Then we'd add an option to ClientModel to automatically grant access instead. I think that makes the distinction clearer. Basically if your modelling something that is accessed through roles, you create a resource. If you're modelling something that wants to login users you create a client. And as some clients would be "internal" they have the option of automatically being granted permissions.

> On 2/26/2014 7:43 PM, Bill Burke wrote:
> > I'm refactoring ApplicationModel and OAuthClientModel to inherit from
> > the same interface, ClientModel.  I'm moving all the app/client specific
> > attributes out of UserModel and into ClientModel.
> >
> > I also want the TokenService to be dealing with ClientModel instead of
> > putzing around with UserModels and figuring out if they are apps or not.
> >    right now, if you change an application name it can screw up
> > everything when generating a token.
> >
> > So, expect some changes in this area this week.
> >
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list