[keycloak-dev] Allow additional attributes to be pushed into Freemarker templates (login and account themes) by extension developers

Stian Thorgersen sthorger at redhat.com
Fri Sep 29 07:30:36 EDT 2017


Making the required methods protected is a simple way to work around the
issue, but bear in mind that the FreeMarker providers are likely to change
in the future.

Another option could be to introduce an FreeMarkerAttributeProviderSPI, the
current freemarker providers would call all available providers to allow
them to add additional attributes. Something like:

* registerAccountAttribute(FormContext..)
* registerLoginAttribute(FormContext..)

Where FormContext would have access to KeycloakSession,
AuthenticationSession, etc..

Slightly more work, but would be more future proof IMO.


On 27 September 2017 at 15:20, Vlastimil Elias <velias at redhat.com> wrote:

> Hi,
>
> I was asked by Stian to post my proposal around
> https://issues.jboss.org/browse/KEYCLOAK-2671 to be discussed here with
> wider KC dev team.
>
> What we need is to pass some additional attributes into Login and
> Account freemarker templates as part of our extensions  - eg. to
> configure client side validations for registration form based on actual
> authentication session. Other use case we need is selection of Theme
> based on calling client.
>
> There are already Login and Account Form providers which may be
> customized (they are SPI), only problem is that current Freemarker
> providers use private fields and methods, so it is hard to customize
> them (I have to copy complete code which is hardly maintainable during
> keycloak upgrades).
>
> I believe we should resolve the problem by small refactoring of existing
> FreeMarkerLoginProvider and FreeMarkerAccountProvider providers similar
> you already done in FreeMarkerEmailTemplateProvider. So things like:
>
>   * change fields and methods from private to protected to allow
>     use/override in subclasses
>   * refactor some features to protected methods (eg. Template loading
>     from template provider - again, you did it in
>     FreeMarkerEmailTemplateProvider provider already) to allow override
>     in subclasses
>   * add one protected callback method called just before template and
>     attributes are passed to the freemarker engine for the processing -
>     this allow subclass simply add additional attributes to be passed
>     into template
>
> Only bigger change (and blocker for one of our important features) is
> passing of current AuthenticationSessionModel to the LoginFormsProvider
> instance at all places where the form provider is called. This is really
> missing now to be able customize GUI based on current client and
> authentication flow needs.
>
> I don't think those are big changes, but they will make life of
> extension developers much easier.
>
> I believe I'm able to provide pull request for this change if no better
> solution will be found there by experienced KC dev team.
>
> Thanks a lot in advance for any comments to my proposal.
>
> Vlastimil
>
> --
> Vlastimil Elias
> Principal Software Engineer, Middleware Engineering Services
> Red Hat
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


More information about the keycloak-dev mailing list