[keycloak-user] dynamic client registration call idempotency
Sven Thoms
sven.thoms at gmail.com
Thu Feb 16 08:41:23 EST 2017
When registering a client dynamically at the well-known registration
endpoint:

http://keycloak.domain/auth/realms/myrealm/clients-registrations/openid-connect

with a given name, clientId and id returned are assigned a unique ID, e.g.

id: "fa8eeac6-0fb3-4fa4-8a1b-7c1d091001dc"
clientId: "fa8eeac6-0fb3-4fa4-8a1b-7c1d091001dc"
name: "test_client"

Is there a particular reason that within the same realm, when using OIDC
dynamic client registration, registration calls to the URL above are not
idempotent?

When I make a client registration multiple times using the same client
name, I end up getting many instances of the same client, making
per-client management of permissions, roles, resources etc. tedious.

Furthermore, when querying the Admin REST interface for all clients, no
client_id_issued_at field indicating a timestamp is present, so
determining which client is the latest one given same names is not possible
either.

This behavior breaks our automation pipeline.
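
Added example, not part of the original post and not Keycloak code: a client-side guard that makes registration idempotent by name and reports names that already have several clients. The sample listing is constructed, and `list_clients` and `register` are hypothetical callables standing in for the pipeline's own HTTP calls.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a client listing from the Admin REST
# interface; only the id, clientId and name fields shown in the post are used.
SAMPLE_CLIENTS = json.loads("""
[
  {"id": "fa8eeac6-0fb3-4fa4-8a1b-7c1d091001dc",
   "clientId": "fa8eeac6-0fb3-4fa4-8a1b-7c1d091001dc", "name": "test_client"},
  {"id": "00000000-0000-0000-0000-000000000002",
   "clientId": "00000000-0000-0000-0000-000000000002", "name": "test_client"},
  {"id": "00000000-0000-0000-0000-000000000003",
   "clientId": "00000000-0000-0000-0000-000000000003", "name": "billing"}
]
""")


def duplicates_by_name(clients):
    """Map each name registered more than once to the ids that carry it."""
    by_name = defaultdict(list)
    for client in clients:
        by_name[client.get("name")].append(client["id"])
    return {name: ids for name, ids in by_name.items()
            if name is not None and len(ids) > 1}


def register_once(name, list_clients, register):
    """Register `name` only if no client with that name exists yet.

    list_clients() -> list of client dicts; register(name) -> new client dict.
    Both are hypothetical wrappers around the pipeline's HTTP calls.
    Returns (client, created). Refuses to pick one when duplicates already
    exist, because the listing carries no timestamp to identify the latest.
    """
    matches = [c for c in list_clients() if c.get("name") == name]
    if len(matches) > 1:
        raise LookupError(f"{len(matches)} clients named {name!r}; clean up first")
    if matches:
        return matches[0], False
    return register(name), True
```

The lookup and the registration are two separate calls, so concurrent pipeline runs can still both register; serialise runs per realm if that matters.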