[keycloak-dev] Remove kcinit and text-based authentication flows

Marek Posolda mposolda at redhat.com
Thu Sep 19 03:52:22 EDT 2019


It seems that CloudTrust team already made kcinit tests passing in their 
prototype for Multi-factor authentication. So removing this now may not 
be so urgent from this perspective - it likely won't help the work 
regarding WebAuthn and authentication flows to be finished earlier... 
But will be good to doublecheck.

Marek

On 19. 09. 19 9:31, Stian Thorgersen wrote:
> https://issues.jboss.org/browse/KEYCLOAK-11490
>
> On Wed, 18 Sep 2019 at 19:15, Stian Thorgersen <sthorger at redhat.com 
> <mailto:sthorger at redhat.com>> wrote:
>
>     It may be a bit of work to actually get rid of this though. A few
>     things that needs removing at least:
>
>     * There's both a Java and a Go kcinit
>     * Tests - I think they even checkout and build the kcinit go library
>     * Auth flow stuff, including all the duplicated code/classes for
>     the text mode
>     * KeycloakInstalled
>     * Probably other things as well....
>
>     It does make a lot of sense to get this done though in relation to
>     the auth work.
>
>     On Wed, 18 Sep 2019, 19:12 Stian Thorgersen, <sthorger at redhat.com
>     <mailto:sthorger at redhat.com>> wrote:
>
>         kc-init was never released or documented. It never got beyond
>         a prototype. As such it can be removed without any deprecation
>         period.
>
>         We never used it in OpenShift integration, and have no plans
>         of doing so.
>
>
>         On Wed, 18 Sep 2019, 16:10 Stefan Guilhen,
>         <sguilhen at redhat.com <mailto:sguilhen at redhat.com>> wrote:
>
>             Stian has sent an e-mail to kc-user about a week ago, no
>             replies so far.
>
>             On Wed, Sep 18, 2019 at 10:50 AM Hynek Mlnarik
>             <hmlnarik at redhat.com <mailto:hmlnarik at redhat.com>> wrote:
>
>                 +1 from dev perspective. I believe it is worth
>                 checking with keycloak-user
>                 as well.
>
>                 I guess deprecation period would be needed. IIRC, this
>                 was added with OSIN
>                 replacement in mind [1]. Is this plan obsoleted?
>
>                 [1]
>                 https://github.com/keycloak/openshift-integration/blob/master/README.md
>
>                 On Wed, Sep 18, 2019 at 2:30 PM Marek Posolda
>                 <mposolda at redhat.com <mailto:mposolda at redhat.com>> wrote:
>
>                 > +1
>                 >
>                 > Do we have a chance to do it now or is some
>                 "deprecation period" needed?
>                 > It may help to save some work with refactoring of
>                 authentication flows,
>                 > which will be required for multi-token and step-up
>                 authentication support.
>                 >
>                 > Marek
>                 >
>                 > On 06. 09. 19 11:54, Bruno Oliveira wrote:
>                 > > +1
>                 > >
>                 > > On Fri, Sep 6, 2019 at 6:48 AM Stian Thorgersen
>                 <sthorger at redhat.com <mailto:sthorger at redhat.com>>
>                 > wrote:
>                 > >> kcinit and it's associated text-based
>                 authentication flows adds quite a
>                 > bit
>                 > >> of complexity. It was never fully completed and
>                 we don't have capacity
>                 > to
>                 > >> complete it.
>                 > >>
>                 > >> Text-based authentication flows are also not
>                 really all that useful.
>                 > There
>                 > >> are other better approaches to authenticate
>                 devices without a web
>                 > browser,
>                 > >> and when there is a web browser that should be
>                 used rather than cli.
>                 > >>
>                 > >> I propose we remove both kcinit as well as the
>                 text-based authentication
>                 > >> flows. We also need to revert KeycloakInstalled
>                 to how it was prior to
>                 > this
>                 > >> was added as it is currently fairly broken.
>                 > >> _______________________________________________
>                 > >> keycloak-dev mailing list
>                 > >> keycloak-dev at lists.jboss.org
>                 <mailto:keycloak-dev at lists.jboss.org>
>                 > >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>                 > >
>                 > >
>                 >
>                 > _______________________________________________
>                 > keycloak-dev mailing list
>                 > keycloak-dev at lists.jboss.org
>                 <mailto:keycloak-dev at lists.jboss.org>
>                 > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>                 >
>                 _______________________________________________
>                 keycloak-dev mailing list
>                 keycloak-dev at lists.jboss.org
>                 <mailto:keycloak-dev at lists.jboss.org>
>                 https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
>             -- 
>
>             Stefan Guilhen
>
>             Principal Software Engineer
>
>             Red Hat<https://www.redhat.com/>
>
>             sguilhen at redhat.com <mailto:sguilhen at redhat.com> IM: sguilhen
>
>             @RedHat <https://twitter.com/redhat> Red Hat
>             <https://www.linkedin.com/company/red-hat> Red Hat
>             <https://www.facebook.com/RedHatInc>
>             <https://www.redhat.com/>
>



More information about the keycloak-dev mailing list