[keycloak-user] Authorization resource SPI
Pedro Igor Silva
psilva at redhat.com
Tue Jul 17 09:57:20 EDT 2018
UMA only defines the Protection API / Resource Registration Endpoint. We
could support that without impact compliance ...
On Tue, Jul 17, 2018 at 9:38 AM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:
>
>
> On Tue, Jul 17, 2018 at 2:02 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> +1. We have this issue already https://issues.jboss.o
>> rg/browse/KEYCLOAK-4905. Bill Burke suggested this SPI some time ago.
>>
>> This is one of the drawbacks when doing UMA and managing resources via
>> Protection API. I also think that this SPI would make things a lot easier
>> in regards to resource mgmt.
>>
>
> Would UMA still be possible with such a SPI?
>
>
>>
>> Would be nice if you could start something and contribute with us :)
>>
>
> I would be really glad :) however a bit full right now, let's see later...
>
>
>>
>> Regards.
>> Pedro Igor
>>
>> On Tue, Jul 17, 2018 at 5:19 AM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Hi,
>>> is it possible to implement a resource SPI? The idea would be to let an
>>> external database to manage Keycloak resources.
>>>
>>> I currently manage my resources in two databases: Keycloak for properties
>>> such as owner and visibility; and a regular Mongo for the rest of
>>> properties relative to my business (think location, sensor values etc.).
>>>
>>> However, having resource split over two databases becomes more and more
>>> awkward.
>>> I have to keep them always in sync, for example creating and deleting the
>>> resource in both location. It becomes even more complicated when
>>> something
>>> fails on one database (such as 409 Conflict): I have to undo what was
>>> done
>>> on the other DB.
>>>
>>> So it would be best to avoid duplication of data and manage everything in
>>> the Mongo external database. Is it possible?
>>>
>>> Cheers
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
More information about the keycloak-user
mailing list