[keycloak-user] resource ids

Pedro Igor Silva psilva at redhat.com
Thu Jun 27 08:53:26 EDT 2019


Hi Corentin,

One of the main reasons to allow setting the ID is to make it easier to map
resources managed by Keycloak to those you are protecting in your app.

The IDs must be unique.

It is not clear to me why the type is not enough?

On Thu, Jun 27, 2019 at 5:28 AM Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi guys,
> I discovered that you can provide your own id when creating resources:
>
> curl -X POST "http://localhost:8080/auth/realms/waziup/authz/protection/resource_set" \
>   -H "Authorization: Bearer $CLIENTTOKEN" \
>   -H "Content-Type: application/json" \
>   -d '{"_id": "123-456", "type": "test", "name": "test",
>        "scopes": ["sensors:create","sensors:view","sensors:update","sensors:delete"],
>        "owner": "cdupont", "ownerManagedAccess": true}'
>
> This is very practical for synchronizing the resources with my own
> database.
> After some investigation, I found:
> - the ID should be unique
> - the name should be unique
>
> Is that correct? The resource type is not used in the unicity.
> In my application database, resources with different types are stored in
> different collections, so two resources with different types *can* have the
> same ID.
> How do you suggest solving this in Keycloak? Providing a Keycloak ID of
> the form <type>-<ID> for example? e.g. sensor-123 and project-123 would not
> collide.
>
> Cheers
>
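The `<type>-<ID>` scheme proposed in the quoted message, as an added example (not code from the thread or from Keycloak): a plain hyphen join is ambiguous when the type or the application ID itself contains a hyphen, as the `123-456` ID above does, so this sketch percent-encodes both parts and joins them with `:`. The function names, the `:` separator and the sample values are assumptions, as is Keycloak accepting the resulting string and its length in `_id`.

```python
"""Collision-free Keycloak resource IDs built from (type, app_id) pairs."""
import json
from urllib.parse import quote, unquote

SEP = ":"  # assumed separator; never appears unescaped in an encoded part


def naive_id(rtype: str, app_id: str) -> str:
    """The '<type>-<ID>' form from the thread, joined without escaping."""
    return f"{rtype}-{app_id}"


def keycloak_id(rtype: str, app_id: str) -> str:
    """Encode each part so the separator cannot occur inside it."""
    if not rtype or not app_id:
        raise ValueError("type and id must be non-empty")
    # safe="" percent-encodes every reserved character, including ':' and '/'
    return quote(rtype, safe="") + SEP + quote(app_id, safe="")


def parse_keycloak_id(kc_id: str) -> tuple[str, str]:
    """Inverse of keycloak_id(); rejects IDs not shaped like its output."""
    parts = kc_id.split(SEP)
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"not a <type>{SEP}<id> resource id: {kc_id!r}")
    return unquote(parts[0]), unquote(parts[1])


def resource_payload(rtype, app_id, owner, scopes):
    """JSON body for POST .../authz/protection/resource_set (fields as in the thread)."""
    kc_id = keycloak_id(rtype, app_id)
    return json.dumps({
        "_id": kc_id,
        "type": rtype,
        "name": kc_id,  # the thread reports names must be unique too
        "scopes": scopes,
        "owner": owner,
        "ownerManagedAccess": True,
    })


if __name__ == "__main__":
    # Constructed sample values: two different resources, one naive ID.
    a, b = ("sensor", "group-1"), ("sensor-group", "1")
    print(naive_id(*a), naive_id(*b))        # same string for both
    print(keycloak_id(*a), keycloak_id(*b))  # distinct strings
    print(resource_payload("sensor", "123-456", "cdupont", ["sensors:view"]))
```

Because policies and permissions attach to the resource ID, two application objects that map to the same Keycloak ID would share one authorization decision, which is the case the encoding rules out.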
