Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-13933 Client Policies
  3. KEYCLOAK-17906

Use "auto-configure" instead of "is-augment"

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 14.0.0
    • Component/s: None
    • Labels:
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      There are few executors, which use "is-augment" as configuration option. For example HolderOfKeyEnforceExecutor or PKCEEnforceExecutor. It will be good to rename this option to "auto-configure" per the feedback on the mailing list https://groups.google.com/g/keycloak-dev/c/MfoTQbNPljE .

      Regarding SecureClientAuthEnforceExecutorFactory, I am thinking about remove of the "is-augment" configuration option entirely and instead just rename configuration option "Augment Client Authentication Method" as "Default Client Authenticator" . In case that this option is not set, it will mean that there won't be any auto-configured client authenticator. In case optis set, it will set client authenticator to the specified configuration, but just in case that it is not pre-set on the client (Similar behaviour like SecureSigningAlgorithmEnforceExecutorFactory is doing for default algorithms). So instead of 3 configuration options for SecureClientAuthEnforceExecutorFactory, we can keep 2 options.

        Attachments

          Activity

            People

            Assignee:
            mposolda@redhat.com Marek Posolda
            Reporter:
            mposolda@redhat.com Marek Posolda
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: