[keycloak-dev] Shortening URLs
Stan Silvert
ssilvert at redhat.com
Fri Jan 23 09:06:44 EST 2015
On 1/23/2015 8:52 AM, Stian Thorgersen wrote:
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Friday, January 23, 2015 2:47:20 PM
>> Subject: Re: [keycloak-dev] Shortening URLs
>>
>> On 1/23/2015 8:45 AM, Stan Silvert wrote:
>>> So if it's something the user needs to remember, let's make it super easy:
>>>
>>> http://foo.com/stan
>>>
>>> Of course then we would need to either enforce that they only create one
>>> realm So for multiple realms we could make it:
>>>
>>> http://realm.foo.com/stan
>> I mean http://realmname.foo.com
> I don't think that'll work - if we drop '/realms/' part we would have to move everything under a realm
The simplified URL would only be for that one use case we need to
solve. Everything else would work the old way.
I'm just thinking that if there is something the user needs to memorize
then we should make it really, really easy to memorize.
>
>>> On 1/23/2015 8:20 AM, Stian Thorgersen wrote:
>>>> ----- Original Message -----
>>>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>> Sent: Friday, January 23, 2015 2:10:00 PM
>>>>> Subject: Re: [keycloak-dev] Shortening URLs
>>>>>
>>>>> On 1/23/2015 8:06 AM, Stian Thorgersen wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>>>>>> To: keycloak-dev at lists.jboss.org
>>>>>>> Sent: Friday, January 23, 2015 2:01:23 PM
>>>>>>> Subject: Re: [keycloak-dev] Shortening URLs
>>>>>>>
>>>>>>> I like the idea of an option to bind the auth server to the root
>>>>>>> context. I think that would be especially good for the appliance
>>>>>>> dist.
>>>>>>>
>>>>>>> But I'm not sure about the rest. What is the problem we are solving?
>>>>>> Shorter and easier to remember URLs ;)
>>>>>>
>>>>>> At least one the account will be something that users access directly.
>>>>> Which one is the URL that they will need to remember? Maybe we could
>>>>> make an alias.
>>>> Account is accessible by users directly:
>>>> - http://localhost:8080/auth/realms/master/account
>>>>
>>>> BTW why not change it? If it can make things simpler for users. Devs that
>>>> don't use our adapters, but use standard openid connect libs for example,
>>>> will need to figure out all urls and configure them in the lib their
>>>> using.
>>>>
>>>>>>> On 1/23/2015 6:23 AM, Stian Thorgersen wrote:
>>>>>>>> Our URLs are quite long, examples:
>>>>>>>>
>>>>>>>> *
>>>>>>>> http://localhost:8080/auth/realms/master/protocols/openid-connect/login
>>>>>>>> * http://localhost:8080/auth/realms/master/account
>>>>>>>>
>>>>>>>> We could remove the 'realms' part and 'protocols' parts couldn't we?
>>>>>>>>
>>>>>>>> * http://localhost:8080/auth/master/oidc/login
>>>>>>>> * http://localhost:8080/auth/master/account
>>>>>>>>
>>>>>>>> That would require moving everything under a realm and I guess we'd
>>>>>>>> need
>>>>>>>> to
>>>>>>>> hard-wire the protocols, but I think that should be fine.
>>>>>>>>
>>>>>>>> We also need to make sure we can just the root context:
>>>>>>>>
>>>>>>>> * http://localhost:8080/master/oidc/login
>>>>>>>> * http://localhost:8080/master/account
>>>>>>>>
>>>>>>>> We can also introduce other mechanisms to select the realm. For
>>>>>>>> example a
>>>>>>>> server with single realm can just omit it altogether:
>>>>>>>>
>>>>>>>> * http://localhost:8080/oidc/login
>>>>>>>> * http://localhost:8080/account
>>>>>>>>
>>>>>>>> And we could allow setting what domains uses what realms:
>>>>>>>>
>>>>>>>> * http://keycloak-master/oidc/login
>>>>>>>> * http://keycloak-other/oidc/login
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-dev mailing list
>>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>> _______________________________________________
>>>>>>> keycloak-dev mailing list
>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
More information about the keycloak-dev
mailing list