[keycloak-dev] Client ID and Client ClientID - I propose we remove one
Stian Thorgersen
sthorger at redhat.com
Mon Nov 23 09:18:09 EST 2015
On 23 November 2015 at 15:06, Bill Burke <bburke at redhat.com> wrote:
>
>
> On 11/23/2015 3:19 AM, Stian Thorgersen wrote:
>
>> Removing clientID doesn't work for built-in clients like account,
>> broker, admin-console, etc. These all need to be located using a
>> predetermined name. You'd have to figure out an additional
>> alternative to refactor that.
>>
>>
>> Is it not actually bad that they are located using predetermined names?
>> If lookup is on id, you know for a fact that it's the correct client and
>> not just something with the same name.
>>
>>
> Remember, the predetermined names are "account", "broker" etc. These are
> non-unique names. They have to be predetermined or at least indexed in a
> realm attribute by a predetermined name.
My thinking was we'd add realm attributes
>
>
>
>> I never liked it when we had multiple entry points to the same resource.
>> What about using something like:
>>
>> GET ../users?username=<myusername>&single=true
>> GET ../users?email=<myemail>&single=true
>>
>> That returns a single UserRepresentation including 'self'
>> (../users/<user-id>).
>>
>> Same for groups:
>>
>> GET ../groups?path=<url encoded path>&single=true
>>
>>
> That works too.
It's slightly more elegant isn't it? As everything has 1 place in the
endpoints, rather than multiple. With a 'search' option under 'users' we'd
only have:
/users
But, with the alternative approach (users-by-username, group-by-path, etc)
we end up with multiple locations:
/users
/users-by-email
/users-by-username
Which I think is harder to use + not as nice for audit/logging
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151123/528b371f/attachment.html
More information about the keycloak-dev
mailing list