[keycloak-dev] Client adapters backwards compatibility
Stan Silvert
ssilvert at redhat.com
Fri Mar 3 14:37:38 EST 2017
On 3/3/2017 2:11 PM, Bill Burke wrote:
>
> On 3/3/17 10:29 AM, Stan Silvert wrote:
>> Versioning is always a pain. But it's much better for us to manage the
>> pain than leave it up to customers.
>>
>> On 3/3/2017 9:35 AM, Bill Burke wrote:
>>> I agree with you in principle stan, but there are other issues:
>>>
>>> * For OIDC it is a get request with simple query parameters. There is no
>>> request object you can hide the version information in and you'd have to
>>> add another query param.
>> I don't think you need to hide the version. Just add another query
>> param. Then if version is not present, you at least know it's an old
>> client.
>>> * As Hynek said, for SAML IDP initiated SSO, there is no client
>>> request. User logs in then assertion is sent to client.
>> Would it make sense to send client version as part of the login?
>>
>> At some point, the client has to send a message to the server. You can
>> always piggyback the version onto whatever message is sent.
> Untrue. With SAML IDP initiated SSO, the client does not have to send a
> message to the server, ever. Also, this isn't a communication protocol,
> its an authentication protocol, so once the protocol is finished,
> there's no more piggybacking that can be done.
>
>>> * Keycloak 1.x and 2.x are already out the door and don't submit a
>>> version. 2.5.x fixes the problem of the OP, 1.x doesn't so there is no
>>> way to tell the difference.
>> Yea, I raised this issue in Brno last year. It's not too late to fix
>> the problem going forward though.
> We can and should propagate version, but it still doesn't solve the
> problem of a 1.9.x adapter talking to Keycoak 2.5.x, nor does it solve
> idp initiated SSO issues.
I'm on board with that. Let the client send a version whenever possible.
>
> Bill
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list