[keycloak-dev] Feedback on Client Registration CLI

Marko Strukelj mstrukel at redhat.com
Fri Jul 22 06:34:51 EDT 2016


+1

On Fri, Jul 22, 2016 at 12:22 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Ok, so let's do both then - included with server + separate download. One
> download for both cli reg and admin cli is probably sufficient right?
>
> On 22 July 2016 at 12:11, Marko Strukelj <mstrukel at redhat.com> wrote:
>
>> I don't have kcreg.bat yet ... contributions welcome :)
>>
>> Making it part of keycloak server distro makes sense. OTOH I believe we
>> have some developers that just deal with HTML5 web apps who don't have
>> Keycloak Server installed locally. If that was the only way to get kcreg
>> they would have to download the whole server just to get the tool. For them
>> it makes sense to also have a separate CLI Tools download.
>>
>>
>> On Fri, Jul 22, 2016 at 9:40 AM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> One more:
>>>
>>> * How should we distribute it? I propose we just add kcreg.sh/kcreg.bat
>>> + the JAR to the bin directory of the server
>>>
>>> On 22 July 2016 at 09:33, Stian Thorgersen <sthorger at redhat.com> wrote:
>>>
>>>> A few questions from me:
>>>>
>>>> * Is it possible to view the returned JSON when creating and updating a
>>>> client? This contains values filled in by the server, including the
>>>> registration access token.
>>>> * Should we not enable pretty print by default?
>>>> * --cache isn't the most intuitive name, I don't have a better
>>>> suggestion though
>>>> * Docs should be moved to Gitbook "Securing Clients and Applications
>>>> guide"
>>>> * When creating clients and later updating them I assume it uses the
>>>> registration access token from the cache?
>>>> * A nice addition would be the ability to list attributes from
>>>> ClientRepresentation so it's easy to discover what attributes can be set
>>>> * What about setting/changing complex attributes, how does that look
>>>> like? Can we add/remove to an array? Add/remove elements to a complex
>>>> object? Something like JSON patch could be nice
>>>> https://tools.ietf.org/html/rfc6902
>>>>
>>>> On 22 July 2016 at 09:26, Stian Thorgersen <sthorger at redhat.com> wrote:
>>>>
>>>>> It should be fairly easy to add support for OTP as well as the direct
>>>>> grant supports that. The user would have to specify to use OTP though.
>>>>>
>>>>> On 21 July 2016 at 19:15, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>>>
>>>>>> Nice work Marko! I had two (not big deal) questions. First, when you
>>>>>> specify the --cache parameters as you did for SAML, could the cache
>>>>>> file be omitted?
>>>>>>
>>>>>> For example: kcreg --cache -r saml-realm ...
>>>>>>
>>>>>> I was thinking that once you specified the realm name, the API will
>>>>>> just
>>>>>> look for ~/.keycloak/saml-realm.cache. It's just an idea.
>>>>>>
>>>>>> Second question, is more like something to think if worth to take
>>>>>> into consideration. Most of the examples that I saw, make use of
>>>>>> username/password. But if the admin enables two factor authentication,
>>>>>> she might be unable to use our client-reg CLI, or enforce weaken
>>>>>> security only
>>>>>> to make use of the CLI.
>>>>>>
>>>>>> Is OTP support planned for further iterations?
>>>>>>
>>>>>>
>>>>>> On 2016-07-21, Marko Strukelj wrote:
>>>>>> > And if anyone wants to get their feet wet already:
>>>>>> >
>>>>>> >
>>>>>> https://github.com/mstruk/keycloak/tree/cli-reg/integration/client-registration-cli-tool
>>>>>> >
>>>>>> >
>>>>>> > On Thu, Jul 21, 2016 at 4:06 PM, Stian Thorgersen <
>>>>>> sthorger at redhat.com>
>>>>>> > wrote:
>>>>>> >
>>>>>> > > Great work Marko!
>>>>>> > >
>>>>>> > > As we didn't have time to go through feedback let's use this
>>>>>> thread for
>>>>>> > > it. Add your questions and comments here please.
>>>>>> > >
>>>>>> > > _______________________________________________
>>>>>> > > keycloak-dev mailing list
>>>>>> > > keycloak-dev at lists.jboss.org
>>>>>> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>> > >
>>>>>>
>>>>>> > _______________________________________________
>>>>>> > keycloak-dev mailing list
>>>>>> > keycloak-dev at lists.jboss.org
>>>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> abstractj
>>>>>> PGP: 0x84DC9914
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160722/981f0213/attachment.html 


More information about the keycloak-dev mailing list