[keycloak-user] Authorization resource SPI

Corentin Dupont corentin.dupont at gmail.com
Tue Jul 17 08:38:28 EDT 2018


On Tue, Jul 17, 2018 at 2:02 PM, Pedro Igor Silva <psilva at redhat.com> wrote:

> +1. We have this issue already https://issues.jboss.
> org/browse/KEYCLOAK-4905. Bill Burke suggested this SPI some time ago.
>
> This is one of the drawbacks when doing UMA and managing resources via
> Protection API. I also think that this SPI would make things a lot easier
> in regards to resource mgmt.
>

Would UMA still be possible with such a SPI?


>
> Would be nice if you could start something and contribute with us :)
>

I would be really glad :) however a bit full right now, let's see later...


>
> Regards.
> Pedro Igor
>
> On Tue, Jul 17, 2018 at 5:19 AM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Hi,
>> is it possible to implement a resource SPI? The idea would be to let an
>> external database to manage Keycloak resources.
>>
>> I currently manage my resources in two databases: Keycloak for properties
>> such as owner and visibility; and a regular Mongo for the rest of
>> properties relative to my business (think location, sensor values etc.).
>>
>> However, having resource split over two databases becomes more and more
>> awkward.
>> I have to keep them always in sync, for example creating and deleting the
>> resource in both location. It becomes even more complicated when something
>> fails on one database (such as 409 Conflict): I have to undo what was done
>> on the other DB.
>>
>> So it would be best to avoid duplication of data and manage everything in
>> the Mongo external database. Is it possible?
>>
>> Cheers
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>


More information about the keycloak-user mailing list