[keycloak-user] resource ids
Corentin Dupont
corentin.dupont at gmail.com
Wed Oct 23 12:51:48 EDT 2019
Oh, I understand. So the uniqueness requirements are like this:
Unique: _id
Unique: owner + name
Is it correct?
In my app, the same owner can have resources with the same ID, provided that
they have different types.
e.g. a user "Paul" can have a car named "Megane" and a child named "Megane"
(sorry for that example).
I don't have resources belonging to the resource server (only to users).
Anyway, I don't understand the reason behind the uniqueness requirement for
owner+name? Isn't the _id sufficient?
On Wed, Oct 23, 2019 at 6:42 PM Pedro Igor Silva <psilva at redhat.com> wrote:
> Hi Corentin,
>
> The name is unique for the same client and owner. Different owners can have
> resources with the same name. Or are you talking about resources owned by the
> resource server itself?
>
> On Wed, Oct 23, 2019 at 10:25 AM Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Hi guys,
>> I was wondering why BOTH resource name and id have to be unique.
>> Wouldn't only unique ID be enough? Why also name?
>> This is causing me trouble because my users can choose the resource name.
>>
>> Another problem is that for me different resource types can have the same
>> ID.
>> e.g. a resource of type A can have the same ID as a resource of type B.
>> How can that be solved in Keycloak? By prefixing both ID and name with
>> the type?
>> Thanks
>>
>>
>> On Tue, Jul 2, 2019 at 10:28 PM Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Hi Pedro,
>>> What I wondered is why the name (besides the ID) should be unique?
>>> Regarding type, my point was that in my app resources with different
>>> types can have the same ID.
>>>
>>> On Thu, Jun 27, 2019 at 2:53 PM Pedro Igor Silva <psilva at redhat.com>
>>> wrote:
>>>
>>>> Hi Corentin,
>>>>
>>>> One of the main reasons to allow setting the ID is to make it easier to
>>>> map resources managed by Keycloak to those you are protecting in your app.
>>>>
>>>> The IDs must be unique.
>>>>
>>>> It is not clear to me why the type is not enough?
>>>>
>>>> On Thu, Jun 27, 2019 at 5:28 AM Corentin Dupont <
>>>> corentin.dupont at gmail.com> wrote:
>>>>
>>>>> Hi guys,
>>>>> I discovered that you can provide your own id when creating resources:
>>>>>
>>>>> curl -X POST "http://localhost:8080/auth/realms/waziup/authz/protection/resource_set" \
>>>>>   -H "Authorization: Bearer $CLIENTTOKEN" \
>>>>>   -H "Content-Type: application/json" \
>>>>>   -d '{"_id": "123-456", "type": "test", "name":"test", "scopes":["sensors:create","sensors:view","sensors:update","sensors:delete"],"owner":"cdupont", "ownerManagedAccess": true}'
>>>>>
>>>>> This is very practical for synchronizing the resources with my own
>>>>> database.
>>>>> After some investigation, I found:
>>>>> - the ID should be unique
>>>>> - the name should be unique
>>>>>
>>>>> Is that correct? The resource type is not used in the unicity.
>>>>> In my application database, resources with different types are stored in
>>>>> different collections, so two resources with different types *can* have the
>>>>> same ID.
>>>>> How do you suggest to solve this in Keycloak? Providing a keycloak ID of
>>>>> the form <type>-<ID> for example? e.g. sensor-123 and project-123 would not
>>>>> collide.
>>>>>
>>>>> Cheers
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
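
Added example (not part of the original thread and not Keycloak code): one way to build the `<type>-<ID>` identifier proposed in the thread so that it can always be split back into its two parts, together with an in-memory check of the two uniqueness rules discussed (unique `_id`, unique owner + name). The character restrictions, the function names, the reuse of the composite ID as `name`, and the `projects:view` scope are assumptions of this example.

```python
import re

# Assumed charsets: a type may not contain "-", so the first "-" ends it.
TYPE_RE = re.compile(r"[a-z][a-z0-9]*")
APP_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")  # e.g. "123-456"

def keycloak_id(rtype, app_id):
    """Build '<type>-<ID>' from validated parts."""
    if not TYPE_RE.fullmatch(rtype):
        raise ValueError(f"bad resource type: {rtype!r}")
    if not APP_ID_RE.fullmatch(app_id):
        raise ValueError(f"bad resource id: {app_id!r}")
    return f"{rtype}-{app_id}"

def split_keycloak_id(kc_id):
    """Inverse of keycloak_id(); rejects strings it could not have produced."""
    rtype, _, app_id = kc_id.partition("-")
    keycloak_id(rtype, app_id)  # re-validates both parts, raises ValueError
    return rtype, app_id

def resource_payload(rtype, app_id, owner, scopes):
    """JSON body for the resource_set call, using the fields shown in the thread."""
    kc_id = keycloak_id(rtype, app_id)
    # Assumption: name reuses the composite ID, so owner + name cannot collide;
    # the user-chosen label stays in the application's own database.
    return {"_id": kc_id, "type": rtype, "name": kc_id, "scopes": list(scopes),
            "owner": owner, "ownerManagedAccess": True}

def first_conflict(payloads):
    """Apply the thread's two rules: unique _id, unique owner + name."""
    ids, names = set(), set()
    for p in payloads:
        if p["_id"] in ids:
            return f"duplicate _id {p['_id']}"
        if (p["owner"], p["name"]) in names:
            return f"duplicate name {p['name']} for owner {p['owner']}"
        ids.add(p["_id"])
        names.add((p["owner"], p["name"]))
    return None

# Constructed sample: one owner, two resource types sharing application ID "123".
SAMPLE = [
    resource_payload("sensor", "123", "cdupont", ["sensors:view"]),
    resource_payload("project", "123", "cdupont", ["projects:view"]),  # hypothetical scope
]

if __name__ == "__main__":
    print(first_conflict(SAMPLE))                                # composite IDs
    print(first_conflict([dict(p, _id="123") for p in SAMPLE]))  # raw IDs
```

If a type were allowed to contain `-`, the pairs ("sensor-a", "1") and ("sensor", "a-1") would both map to `sensor-a-1`, and a permission granted on one resource would then apply to the other; excluding the separator from the type pattern prevents that.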