You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When creating a new Keycloak client with a ClientRepresentation containing authorizationSettingsEnabled: true and authorizationSettings, Keycloak respects these fields and maps them to their corresponding JPA fields.
When creating a new Keycloak client without the former fields and then updating it afterwards with the authorizationSettings* fields, Keycloak simply creates a authorization service with default resources instead of the ones that are provided by ClientRepresentation of the request.
Keycloak should respect authorizationSettings when updating existing clients if they are provided, or else create default resources instead.
Discussion
No response
Motivation
I would have expected Keycloak to apply the provided authorizationSettings when updating an existing client. This use case can be crucial for e. g. Keycloak Operator when specifying authorizationSettings in Client CRs whose Keycloak Clients already exist in Keycloak and just need updates.
Details
I scanned through org.keycloak.services.resources.admin.ClientsResource#createClient, org.keycloak.services.resources.admin.ClientResource#update and org.keycloak.authorization.admin.ResourceServerService#create.
ResourceServer#create simply creates a new authorization resource server with default credentials.
I imagine that Keycloak can update the ResourceServer of the client's authorization service in a similar fashion like when a client is created in org.keycloak.services.resources.admin.ClientsResource#createClient
Description
When creating a new Keycloak client with a
ClientRepresentation
containingauthorizationSettingsEnabled: true
andauthorizationSettings
, Keycloak respects these fields and maps them to their corresponding JPA fields.When creating a new Keycloak client without the former fields and then updating it afterwards with the
authorizationSettings*
fields, Keycloak simply creates a authorization service with default resources instead of the ones that are provided byClientRepresentation
of the request.Keycloak should respect
authorizationSettings
when updating existing clients if they are provided, or else create default resources instead.Discussion
No response
Motivation
I would have expected Keycloak to apply the provided
authorizationSettings
when updating an existing client. This use case can be crucial for e. g. Keycloak Operator when specifyingauthorizationSettings
in Client CRs whose Keycloak Clients already exist in Keycloak and just need updates.Details
I scanned through
org.keycloak.services.resources.admin.ClientsResource#createClient
,org.keycloak.services.resources.admin.ClientResource#update
andorg.keycloak.authorization.admin.ResourceServerService#create
.ResourceServer#create
simply creates a new authorization resource server with default credentials.keycloak/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
Lines 84 to 88 in dc2c73b
I imagine that Keycloak can update the
ResourceServer
of the client's authorization service in a similar fashion like when a client is created inorg.keycloak.services.resources.admin.ClientsResource#createClient
keycloak/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
Lines 188 to 198 in dc2c73b
or call
ResourceServerService#update
after creating a newResourceService
for authorization purposes.keycloak/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
Lines 96 to 103 in dc2c73b
The text was updated successfully, but these errors were encountered: