[keycloak-dev] Client ID and Client ClientID - I propose we remove one

Stian Thorgersen sthorger at redhat.com
Mon Nov 23 09:18:09 EST 2015


On 23 November 2015 at 15:06, Bill Burke <bburke at redhat.com> wrote:

>
>
> On 11/23/2015 3:19 AM, Stian Thorgersen wrote:
>
>>     Removing clientID doesn't work for built-in clients like account,
>>     broker, admin-console, etc.  These all need to be located using a
>>     predetermined name.  You'd have to figure out an additional
>>     alternative to refactor that.
>>
>>
>> Is it not actually bad that they are located using predetermined names?
>> If lookup is on id, you know for a fact that it's the correct client and
>> not just something with the same name.
>>
>>
> Remember, the predetermined names are "account", "broker" etc.  These are
> non-unique names.  They have to be predetermined or at least indexed in a
> realm attribute by a predetermined name.


My thinking was we'd add realm attributes


>
>
>
>> I never liked it when we had multiple entry points to the same resource.
>> What about using something like:
>>
>> GET ../users?username=<myusername>&single=true
>> GET ../users?email=<myemail>&single=true
>>
>> That returns a single UserRepresentation including 'self'
>> (../users/<user-id>).
>>
>> Same for groups:
>>
>> GET ../groups?path=<url encoded path>&single=true
>>
>>
> That works too.


It's slightly more elegant isn't it? As everything has 1 place in the
endpoints, rather than multiple. With a 'search' option under 'users' we'd
only have:

/users

But, with the alternative approach (users-by-username, group-by-path, etc)
we end up with multiple locations:

/users
/users-by-email
/users-by-username

Which I think is harder to use + not as nice for audit/logging



>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151123/528b371f/attachment.html 


More information about the keycloak-dev mailing list