[keycloak-user] resource ids
Pedro Igor Silva
psilva at redhat.com
Wed Oct 23 12:41:58 EDT 2019
Hi Corentin,
The name is unique for a same client and owner. Different owners can have
resources with a same name. Or are you talking about resources owned by the
resource server itself ?
On Wed, Oct 23, 2019 at 10:25 AM Corentin Dupont <corentin.dupont at gmail.com>
wrote:
> Hi guys,
> I was wondering why BOTH resource name and id have to be unique.
> Wouldn't only unique ID be enough? Why also name?
> This is causing me trouble because my users can choose the resource name.
>
> Another problem is that for me different resource types can have the same
> ID.
> e.g. a resource of type A can have the same ID than a resource of type B.
> How can that be solved in Keycloak? By prefixing both ID and name with the
> type?
> Thanks
>
>
> On Tue, Jul 2, 2019 at 10:28 PM Corentin Dupont <corentin.dupont at gmail.com>
> wrote:
>
>> Hi Pedro,
>> What I wondered is why the name (beside the ID) should be unique?
>> Regarding type, my point was that in my app resources with different
>> types can have the same ID.
>>
>> On Thu, Jun 27, 2019 at 2:53 PM Pedro Igor Silva <psilva at redhat.com>
>> wrote:
>>
>>> Hi Corentin,
>>>
>>> One of the main reasons to allow setting the ID is to make easier to map
>>> resources managed by Keycloak to those you are protecting in your app.
>>>
>>> The IDs must be unique.
>>>
>>> It is not clear to me why the type is not enough?
>>>
>>> On Thu, Jun 27, 2019 at 5:28 AM Corentin Dupont <
>>> corentin.dupont at gmail.com> wrote:
>>>
>>>> Hi guys,
>>>> I discovered that you can provide your own id when creating resources:
>>>>
>>>> curl -X POST "
>>>> http://localhost:8080/auth/realms/waziup/authz/protection/resource_set"
>>>> -H
>>>> "Authorization: Bearer $CLIENTTOKEN" -H "Content-Type:
>>>> application/json" -d
>>>> '{*"_id": "123-456"*, "type": "test", "name":"test",
>>>>
>>>> "scopes":["sensors:create","sensors:view","sensors:update","sensors:delete"],"owner":"cdupont",
>>>> "ownerManagedAccess": true}'
>>>>
>>>> This is very practical for synchronizing the resources with my own
>>>> database.
>>>> After some investigation, I found:
>>>> - the ID should be unique
>>>> - the name should be unique
>>>>
>>>> Is that correct? The resource type is not used in the unicity.
>>>> In my application database, resources with different types are stored in
>>>> different collections, so two resources with different types *can* have
>>>> the
>>>> same ID.
>>>> How do you suggest to solve this in Keycloak? Providing a keycloak ID of
>>>> the form <type>-<ID> for example? e.g. sensor-123 and project-123 would
>>>> not
>>>> collide.
>>>>
>>>> Cheers
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
More information about the keycloak-user
mailing list