[keycloak-dev] Feedback on Client Registration CLI
Stian Thorgersen
sthorger at redhat.com
Fri Jul 22 03:40:20 EDT 2016
One more:
* How should we distribute it? I propose we just add kcreg.sh/kcreg.bat +
the JAR to the bin directory of the server
On 22 July 2016 at 09:33, Stian Thorgersen <sthorger at redhat.com> wrote:
> A few questions from me:
>
> * Is it possible to view the returned JSON when creating and updating a
> client? This contains values filled in by the server, including the
> registration access token.
> * Should we not enable pretty print by default?
> * --cache isn't the most intuitive name, I don't have a better suggestion
> though
> * Docs should be moved to Gitbook "Securing Clients and Applications guide"
> * When creating clients and later updating them I assume it uses the
> registration access token from the cache?
> * A nice addition would be the ability to list attributes from
> ClientRepresentation so it's easy to discover what attributes can be set
> * What about setting/changing complex attributes, how does that look like?
> Can we add/remove to an array? Add/remove elements to a complex object?
> Something like JSON patch could be nice
> https://tools.ietf.org/html/rfc6902
>
> On 22 July 2016 at 09:26, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> It should be fairly easy to add support for OTP as well as the direct
>> grant supports that. The user would have to specify to use OTP though.
>>
>> On 21 July 2016 at 19:15, Bruno Oliveira <bruno at abstractj.org> wrote:
>>
>>> Nice work Marko! I had two (not big deal) questions. First, when you
>>> specify the --cache parameters as you did for SAML, could the cache file
>>> be omitted?
>>>
>>> For example: kcreg --cache -r saml-realm ...
>>>
>>> I was thinking that once you specified the realm name, the API will just
>>> look for ~/.keycloak/saml-realm.cache. It's just an idea.
>>>
>>> Second question, is more like something to think if worth to take
>>> into consideration. Most of the examples that I saw, make use of
>>> username/password. But if the admin enables two factor authentication,
>>> she might be unable to use our client-reg CLI, or enforce weaken
>>> security only
>>> to make use of the CLI.
>>>
>>> Is OTP support planned for further iterations?
>>>
>>>
>>> On 2016-07-21, Marko Strukelj wrote:
>>> > And if anyone wants to get their feet wet already:
>>> >
>>> >
>>> https://github.com/mstruk/keycloak/tree/cli-reg/integration/client-registration-cli-tool
>>> >
>>> >
>>> > On Thu, Jul 21, 2016 at 4:06 PM, Stian Thorgersen <sthorger at redhat.com
>>> >
>>> > wrote:
>>> >
>>> > > Great work Marko!
>>> > >
>>> > > As we didn't have time to go through feedback let's use this thread
>>> for
>>> > > it. Add your questions and comments here please.
>>> > >
>>> > > _______________________________________________
>>> > > keycloak-dev mailing list
>>> > > keycloak-dev at lists.jboss.org
>>> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>> > >
>>>
>>> > _______________________________________________
>>> > keycloak-dev mailing list
>>> > keycloak-dev at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>>
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160722/224e2592/attachment.html
More information about the keycloak-dev
mailing list