Issue with creating same client id in two different realm using the KeycloakClient CR

[Ievgen Mykolenko]

Hi there,

I would like to start a discussion around KEYCLOAK-18346
Namely part of the ticket:  There cannot be two clients in two realms (managed by two Clients CRs) with the same Client ID. This is due to conflicting secrets names that use Client ID instead of the Client CR.

While fix is trivial, just use Client CR name instead of Client ID, it is not backward compatible.

Lets first collect ideas how to proceed with backward compatibility and then pick one :)


Best regards
Ievgen

[Václav Muzikář]

Thank you for opening this discussion. Let's move it to keycloak-dev as keycloak-user is rather meant for usage questions, not for discussing dev topics.

As for backward compatibility. I'd say the most straightforward solution would be for the Operator to check for Secrets with the old name and rename them, if it finds such Secrets. Maybe another solution would be using webhooks but that seems to me like an unnecessary overkill.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/47f75ba0-ff9a-4eb4-b823-84dc92b0ec00n%40googlegroups.com.

--

Václav Muzikář
Senior Software Engineer
Keycloak / Red Hat Single Sign-On
Red Hat Czech s.r.o.