[keycloak-dev] Deprecating/Removing keycloak-servlet-oauth-client
Marek Posolda
mposolda at redhat.com
Fri Mar 15 04:31:33 EDT 2019
We plan to deprecate and then eventually remove
keycloak-servlet-oauth-client. We don't officially support this client
(it is not documented and tested) and it is additional maintenance
overhead to have it in our codebase. Is there someone around who uses this
client? Do you want to become a maintainer of it? If yes, let us know.
You can fork it to your repository and we will reference it from the
"Extensions" page [1].

Some more details about the client:

AFAIR it is one of the very early-days Keycloak features and the
use case behind this was that you have a web frontend Java application,
which is not secured by Keycloak and doesn't use the adapter. But you still
want to have a way to invoke the REST services from this application,
which are secured by Keycloak. So you want to trigger the OAuth flow
manually from Java without having the adapter to do it for you -
that's what this client is doing.

I think that this client can almost always be replaced by the adapter or by
the servlet filter. The only case when it couldn't be replaced by the
servlet filter is when you have a non-servlet Java application.

This OAuth client is unmaintained and it is missing a lot of features,
which were recently added to the adapter.

[1] https://www.keycloak.org/extensions.html

Marek