[keycloak-dev] external token exchange - feedback needed

Bill Burke bburke at redhat.com
Thu Sep 21 16:05:51 EDT 2017


I'm almost done implementing external token exchange where you can
provide an external OIDC token and exchange it for a Keycloak one.
Need some feedback though.

* first broker flow and post broker flows won't be executed.  Can't,
it's a non-browser flow.
* mappers are run.
* logout will not logout broker session
* If duplicate emails exist, abort, 403
* If duplicate username exists, abort, 403.

The feedback I need is on duplicates.  We might have the case where
username is unique across different realms.  Should I have a switch
that will use existing user?  Maybe an additional switch to not create
a link?  Maybe I should have an exchange flow?


-- 
Bill Burke
Red Hat
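Added example, not Keycloak's own code: a small Python model of the duplicate-handling rules listed in the mail, plus the two switches it asks about ("use existing user" and "don't create a link"), so the abort-with-403 behaviour can be compared with the alternatives. All names (`User`, `resolve_user`, the flags) are assumptions for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    username: str
    email: str
    # (issuer, external subject) pairs this local account is linked to
    links: set = field(default_factory=set)

class ExchangeDenied(Exception):
    """Exchange aborted; the mail says this is answered with HTTP 403."""

def resolve_user(users, issuer, subject, username, email,
                 use_existing=False, create_link=True):
    """Map an external OIDC identity to a local user (hypothetical model).

    users        -- realm user list (mutated when a user or link is added)
    use_existing -- proposed switch: reuse a user with the same
                    username/email instead of aborting
    create_link  -- proposed switch: record the broker link on reuse
    """
    # An already-linked account wins; no duplicate checks are needed.
    for u in users:
        if (issuer, subject) in u.links:
            return u
    dup_email = next((u for u in users if u.email == email), None)
    dup_name = next((u for u in users if u.username == username), None)
    if dup_email or dup_name:
        if not use_existing:
            # Current behaviour in the mail: duplicate email or username
            # aborts the exchange.
            raise ExchangeDenied(403)
        existing = dup_email or dup_name
        if create_link:
            existing.links.add((issuer, subject))
        return existing
    # No conflict: create the user with its broker link, as a first
    # login through the broker would.
    created = User(username, email, {(issuer, subject)})
    users.append(created)
    return created
```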

