[keycloak-user] Authorization resource SPI

Pedro Igor Silva psilva at redhat.com
Tue Jul 17 08:02:09 EDT 2018


+1. We have this issue already https://issues.jboss.org/browse/KEYCLOAK-4905.
Bill Burke suggested this SPI some time ago.

This is one of the drawbacks when doing UMA and managing resources via
Protection API. I also think that this SPI would make things a lot easier
in regards to resource mgmt.

Would be nice if you could start something and contribute with us :)

Regards.
Pedro Igor

On Tue, Jul 17, 2018 at 5:19 AM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi,
> is it possible to implement a resource SPI? The idea would be to let an
> external database to manage Keycloak resources.
>
> I currently manage my resources in two databases: Keycloak for properties
> such as owner and visibility; and a regular Mongo for the rest of
> properties relative to my business (think location, sensor values etc.).
>
> However, having resource split over two databases becomes more and more
> awkward.
> I have to keep them always in sync, for example creating and deleting the
> resource in both location. It becomes even more complicated when something
> fails on one database (such as 409 Conflict): I have to undo what was done
> on the other DB.
>
> So it would be best to avoid duplication of data and manage everything in
> the Mongo external database. Is it possible?
>
> Cheers
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list