[keycloak-user] Flow Execution REST API Inconsistencies

Ryan Slominski ryans at jlab.org
Mon Apr 1 10:59:06 EDT 2019


Has anyone else noticed there are a few inconsistencies in the authentication flow execution section of the REST API.  For example, ordered most severe first:


  1.  You cannot specify an ID when creating an authentication flow execution (I believe every other create command allows this, and if you provide an ID it is ignored), which means when scripting you must programmatically capture the random ID that is generated in order to provide it to future commands (kcadm.sh create authentication/flows/<alias>/executions/execution -s id=ignored).
  2.  You cannot specify a flow ID when when adding an execution to a flow, instead you must use the flow alias, which may contain spaces that must be escaped (again, I believe every other create command uses ID, not alias)
  3.  You cannot specify the requirement (example: "ALTERNATIVE") when creating an execution.  You must separately update a newly created execution.   Coupled with forced random ID, this is awkward.
  4.  When creating an execution the parameter "provider" is used.  When creating a flow the parameter is named "providerId"


More information about the keycloak-user mailing list