[keycloak-dev] Remove kcinit and text-based authentication flows

Stian Thorgersen sthorger at redhat.com
Wed Sep 18 13:15:56 EDT 2019


It may be a bit of work to actually get rid of this though. A few things
that needs removing at least:

* There's both a Java and a Go kcinit
* Tests - I think they even checkout and build the kcinit go library
* Auth flow stuff, including all the duplicated code/classes for the text
mode
* KeycloakInstalled
* Probably other things as well....

It does make a lot of sense to get this done though in relation to the auth
work.

On Wed, 18 Sep 2019, 19:12 Stian Thorgersen, <sthorger at redhat.com> wrote:

> kc-init was never released or documented. It never got beyond a prototype.
> As such it can be removed without any deprecation period.
>
> We never used it in OpenShift integration, and have no plans of doing so.
>
>
> On Wed, 18 Sep 2019, 16:10 Stefan Guilhen, <sguilhen at redhat.com> wrote:
>
>> Stian has sent an e-mail to kc-user about a week ago, no replies so far.
>>
>> On Wed, Sep 18, 2019 at 10:50 AM Hynek Mlnarik <hmlnarik at redhat.com>
>> wrote:
>>
>>> +1 from dev perspective. I believe it is worth checking with
>>> keycloak-user
>>> as well.
>>>
>>> I guess deprecation period would be needed. IIRC, this was added with
>>> OSIN
>>> replacement in mind [1]. Is this plan obsoleted?
>>>
>>> [1]
>>> https://github.com/keycloak/openshift-integration/blob/master/README.md
>>>
>>> On Wed, Sep 18, 2019 at 2:30 PM Marek Posolda <mposolda at redhat.com>
>>> wrote:
>>>
>>> > +1
>>> >
>>> > Do we have a chance to do it now or is some "deprecation period"
>>> needed?
>>> > It may help to save some work with refactoring of authentication flows,
>>> > which will be required for multi-token and step-up authentication
>>> support.
>>> >
>>> > Marek
>>> >
>>> > On 06. 09. 19 11:54, Bruno Oliveira wrote:
>>> > > +1
>>> > >
>>> > > On Fri, Sep 6, 2019 at 6:48 AM Stian Thorgersen <sthorger at redhat.com
>>> >
>>> > wrote:
>>> > >> kcinit and it's associated text-based authentication flows adds
>>> quite a
>>> > bit
>>> > >> of complexity. It was never fully completed and we don't have
>>> capacity
>>> > to
>>> > >> complete it.
>>> > >>
>>> > >> Text-based authentication flows are also not really all that useful.
>>> > There
>>> > >> are other better approaches to authenticate devices without a web
>>> > browser,
>>> > >> and when there is a web browser that should be used rather than cli.
>>> > >>
>>> > >> I propose we remove both kcinit as well as the text-based
>>> authentication
>>> > >> flows. We also need to revert KeycloakInstalled to how it was prior
>>> to
>>> > this
>>> > >> was added as it is currently fairly broken.
>>> > >> _______________________________________________
>>> > >> keycloak-dev mailing list
>>> > >> keycloak-dev at lists.jboss.org
>>> > >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>> > >
>>> > >
>>> >
>>> > _______________________________________________
>>> > keycloak-dev mailing list
>>> > keycloak-dev at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>> >
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>> --
>>
>> Stefan Guilhen
>>
>> Principal Software Engineer
>>
>> Red Hat <https://www.redhat.com/>
>>
>> sguilhen at redhat.com    IM: sguilhen
>> @RedHat <https://twitter.com/redhat>   Red Hat
>> <https://www.linkedin.com/company/red-hat>  Red Hat
>> <https://www.facebook.com/RedHatInc>
>> <https://www.redhat.com/>
>>
>


More information about the keycloak-dev mailing list