[keycloak-dev] Feedback on Client Registration CLI
Stian Thorgersen
sthorger at redhat.com
Fri Jul 22 06:22:13 EDT 2016
Ok, so let's do both then - included with server + separate download. One
download for both cli reg and admin cli is probably sufficient right?
On 22 July 2016 at 12:11, Marko Strukelj <mstrukel at redhat.com> wrote:
> I don't have kcreg.bat yet ... contributions welcome :)
>
> Making it part of keycloak server distro makes sense. OTOH I believe we
> have some developers that just deal with HTML5 web apps who don't have
> Keycloak Server installed locally. If that was the only way to get kcreg
> they would have to download the whole server just to get the tool. For them
> it makes sense to also have a separate CLI Tools download.
>
>
> On Fri, Jul 22, 2016 at 9:40 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> One more:
>>
>> * How should we distribute it? I propose we just add kcreg.sh/kcreg.bat
>> + the JAR to the bin directory of the server
>>
>> On 22 July 2016 at 09:33, Stian Thorgersen <sthorger at redhat.com> wrote:
>>
>>> A few questions from me:
>>>
>>> * Is it possible to view the returned JSON when creating and updating a
>>> client? This contains values filled in by the server, including the
>>> registration access token.
>>> * Should we not enable pretty print by default?
>>> * --cache isn't the most intuitive name, I don't have a better
>>> suggestion though
>>> * Docs should be moved to Gitbook "Securing Clients and Applications
>>> guide"
>>> * When creating clients and later updating them I assume it uses the
>>> registration access token from the cache?
>>> * A nice addition would be the ability to list attributes from
>>> ClientRepresentation so it's easy to discover what attributes can be set
>>> * What about setting/changing complex attributes, how does that look
>>> like? Can we add/remove to an array? Add/remove elements to a complex
>>> object? Something like JSON patch could be nice
>>> https://tools.ietf.org/html/rfc6902
>>>
>>> On 22 July 2016 at 09:26, Stian Thorgersen <sthorger at redhat.com> wrote:
>>>
>>>> It should be fairly easy to add support for OTP as well as the direct
>>>> grant supports that. The user would have to specify to use OTP though.
>>>>
>>>> On 21 July 2016 at 19:15, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>>
>>>>> Nice work Marko! I had two (not big deal) questions. First, when you
>>>>> specify the --cache parameters as you did for SAML, could the cache
>>>>> file be omitted?
>>>>>
>>>>> For example: kcreg --cache -r saml-realm ...
>>>>>
>>>>> I was thinking that once you specified the realm name, the API will
>>>>> just
>>>>> look for ~/.keycloak/saml-realm.cache. It's just an idea.
>>>>>
>>>>> Second question, is more like something to think if worth to take
>>>>> into consideration. Most of the examples that I saw, make use of
>>>>> username/password. But if the admin enables two factor authentication,
>>>>> she might be unable to use our client-reg CLI, or enforce weaken
>>>>> security only
>>>>> to make use of the CLI.
>>>>>
>>>>> Is OTP support planned for further iterations?
>>>>>
>>>>>
>>>>> On 2016-07-21, Marko Strukelj wrote:
>>>>> > And if anyone wants to get their feet wet already:
>>>>> >
>>>>> >
>>>>> https://github.com/mstruk/keycloak/tree/cli-reg/integration/client-registration-cli-tool
>>>>> >
>>>>> >
>>>>> > On Thu, Jul 21, 2016 at 4:06 PM, Stian Thorgersen <
>>>>> sthorger at redhat.com>
>>>>> > wrote:
>>>>> >
>>>>> > > Great work Marko!
>>>>> > >
>>>>> > > As we didn't have time to go through feedback let's use this
>>>>> thread for
>>>>> > > it. Add your questions and comments here please.
>>>>> > >
>>>>> > > _______________________________________________
>>>>> > > keycloak-dev mailing list
>>>>> > > keycloak-dev at lists.jboss.org
>>>>> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>> > >
>>>>>
>>>>> > _______________________________________________
>>>>> > keycloak-dev mailing list
>>>>> > keycloak-dev at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> abstractj
>>>>> PGP: 0x84DC9914
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160722/01c597d5/attachment-0001.html
More information about the keycloak-dev
mailing list