-
Notifications
You must be signed in to change notification settings - Fork 201
Ability to set realmName (and maybe other settings) after first authentication #3
Comments
I will take a shot at implementing this because I need it for amazeeio/lagoon. |
Hi @karlhorky For use case 2:
If you authorize the client with master realm, you can access resources in other realms like this: await this.kcAdminClient.users.create({
realm: "another-realm",
username: "username",
email: 'wwwy3y3@canner.io'
}); There are some tests in https://github.com/Canner/keycloak-admin/blob/master/test/crossRealm.spec.ts As for case 1:This requires some implemetation. I'll look into your technical background & PR later. |
Ah ok, great! Then I can just solve this by documenting it. I'll simplify the solution then for case 1 too. Edit: I've removed the |
I've removed the "Work in Progress" labels from the pull request, ready for review when you have a minute! |
Use cases
master
realm and then do all further operations in a secondaryrealm-b
realm, such as creating a group. It would be desirable to not have to passrealm-b
for every call.The Keycloak root admin user wants to log in to theThis is apparently already covered by Ability to set realmName (and maybe other settings) after first authentication #3 (comment). I'll document this in the PR.master
realm and do most operations in themaster
realm, except for a single operation in arealm-c
realm.Prior Art
The keycloak-admin-client allows for use of a different realm via requiring the user to repeat the realm for every call:
Proposed API
This is a rough first version of the proposed API. The final version may look different.
Technical Background
1) First instantiation of Keycloak admin client
The following user code...
...does the following things:
1.1) Sets the
realmName
property on the instance to original realmName ("realmNameA")1.2) Passes that instance to the constructor of various resources
1.3) Passes the realmName further to the Resource constructor (via urlParams)
1.4) Passes the realmName further to the Agent constructor (via urlParams)
1.5) Sets the baseParams instance property, which will be used for URL parameters in all further requests
1.6) Further requests pass along the baseParams to the
requestWithParams
method1.7) The urlParams are templated
1.8) And passed along to Axios
2) Authentication via call of
auth
methodThe following user code...
...does the following things:
2.1) Passes realmNameA to getToken
2.2) Uses this to build the URL
2.3) The URL is passed along to Axios
3) Call of resource methods
The following user code...
...does the following things:
3.1) Call the agent's request method, using the existing instance properties
The text was updated successfully, but these errors were encountered: