[keycloak-dev] Remove kcinit and text-based authentication flows
Marek Posolda
mposolda at redhat.com
Thu Sep 19 04:17:27 EDT 2019
I don't think we remove KeycloakInstalled. We may just need to revert to
the state before kcinit was introduced.
Marek
On 19. 09. 19 9:59, Thomas Darimont wrote:
> Hello,
>
> The KeycloakInstalled is part of the keycloak-installed-adapter which
> is used by some folks to authenticate Desktop Apps (via a browser
> based flow).
> Do you really want to remove KeycloakInstalled completely or just the
> CLI based interaction logic?
>
> Cheers,
> Thomas
>
> On Thu, 19 Sep 2019 at 09:53, Marek Posolda <mposolda at redhat.com> wrote:
>
> It seems that CloudTrust team already made kcinit tests passing in their
> prototype for Multi-factor authentication. So removing this now may not
> be so urgent from this perspective - it likely won't help the work
> regarding WebAuthn and authentication flows to be finished earlier...
> But will be good to double-check.
>
> Marek
>
> On 19. 09. 19 9:31, Stian Thorgersen wrote:
> > https://issues.jboss.org/browse/KEYCLOAK-11490
> >
> > On Wed, 18 Sep 2019 at 19:15, Stian Thorgersen <sthorger at redhat.com> wrote:
> >
> > It may be a bit of work to actually get rid of this though. A few
> > things that need removing at least:
> >
> > * There's both a Java and a Go kcinit
> > * Tests - I think they even check out and build the kcinit go library
> > * Auth flow stuff, including all the duplicated code/classes for the text mode
> > * KeycloakInstalled
> > * Probably other things as well....
> >
> > It does make a lot of sense to get this done though in relation to
> > the auth work.
> >
> > On Wed, 18 Sep 2019, 19:12 Stian Thorgersen, <sthorger at redhat.com> wrote:
> >
> > kc-init was never released or documented. It never got beyond
> > a prototype. As such it can be removed without any deprecation
> > period.
> >
> > We never used it in OpenShift integration, and have no plans
> > of doing so.
> >
> >
> > On Wed, 18 Sep 2019, 16:10 Stefan Guilhen, <sguilhen at redhat.com> wrote:
> >
> > Stian sent an e-mail to kc-user about a week ago, no
> > replies so far.
> >
> > On Wed, Sep 18, 2019 at 10:50 AM Hynek Mlnarik <hmlnarik at redhat.com> wrote:
> >
> > +1 from dev perspective. I believe it is worth checking with keycloak-user
> > as well.
> >
> > I guess deprecation period would be needed. IIRC, this was added with OSIN
> > replacement in mind [1]. Is this plan obsoleted?
> >
> > [1] https://github.com/keycloak/openshift-integration/blob/master/README.md
> >
> > On Wed, Sep 18, 2019 at 2:30 PM Marek Posolda <mposolda at redhat.com> wrote:
> >
> > > +1
> > >
> > > Do we have a chance to do it now or is some "deprecation period" needed?
> > > It may help to save some work with refactoring of authentication flows,
> > > which will be required for multi-token and step-up authentication support.
> > >
> > > Marek
> > >
> > > On 06. 09. 19 11:54, Bruno Oliveira wrote:
> > > > +1
> > > >
> > > > On Fri, Sep 6, 2019 at 6:48 AM Stian Thorgersen <sthorger at redhat.com> wrote:
> > > >> kcinit and its associated text-based authentication flows add quite a bit
> > > >> of complexity. It was never fully completed and we don't have capacity to
> > > >> complete it.
> > > >>
> > > >> Text-based authentication flows are also not really all that useful. There
> > > >> are other better approaches to authenticate devices without a web browser,
> > > >> and when there is a web browser that should be used rather than cli.
> > > >>
> > > >> I propose we remove both kcinit as well as the text-based authentication
> > > >> flows. We also need to revert KeycloakInstalled to how it was before this
> > > >> was added as it is currently fairly broken.
> > > >> _______________________________________________
> > > >> keycloak-dev mailing list
> > > >> keycloak-dev at lists.jboss.org
> > > >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > > >
> > > >
> > >
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> <mailto:keycloak-dev at lists.jboss.org>
> > <mailto:keycloak-dev at lists.jboss.org
> <mailto:keycloak-dev at lists.jboss.org>>
> > >
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> > <mailto:keycloak-dev at lists.jboss.org
> <mailto:keycloak-dev at lists.jboss.org>>
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> >
> >
> > --
> >
> > Stefan Guilhen
> >
> > Principal Software Engineer
> >
> > Red Hat<https://www.redhat.com/>
> >
> > sguilhen at redhat.com <mailto:sguilhen at redhat.com>
> <mailto:sguilhen at redhat.com <mailto:sguilhen at redhat.com>> IM: sguilhen
> >
> > @RedHat <https://twitter.com/redhat> Red Hat
> > <https://www.linkedin.com/company/red-hat> Red Hat
> > <https://www.facebook.com/RedHatInc>
> > <https://www.redhat.com/>
> >
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list