Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Allow overriding Account Console resources for full control and backwards compatibility #22318

New issue
New issue
Closed
#22317
Closed
Allow overriding Account Console resources for full control and backwards compatibility#22318
#22317
Labels
kind/enhancementCategorizes a PR related to an enhancementpriority/importantMust be worked on very soon
Milestone
23.0.0
@xgp

Description

@xgp
xgp
opened on Aug 8, 2023

Description

The recent removal of the Account console v1 presents significant challenges to users/tools that depended on extending that version (e.g. Keycloakify ). Furthermore, there are no extension points that allow developers to bring back that method of rendering the account console, or choose to take alternate approaches.

Because the AccountLoader code removed the mechanism of loading a different JAX-RS resource depending on account theme, there is no longer a way to serve the resources and theme from the /account path.

However, that one point provides a good extension point that could allow great flexibility in how extension authors built their own account themes.

cc @garronej @ssilvert

Discussion

https://groups.google.com/g/keycloak-dev/c/j0aEZTWh-Lw

Motivation

This would allow users and tool authors who previously extended the v1 account theme to revive it as an extension to Keycloak. Additionally, because the /account resource could be entirely under the control of an extension author, it would allow new approaches that haven't yet been tried.

Details

Copied from https://groups.google.com/g/keycloak-dev/c/j0aEZTWh-Lw/m/Ct7_9u2kAwAJ?

I suggest the following changes to maintain support for alternate approaches to the account console:

  1. Create a new Spi that provides an AccountResourceProvider.
  2. The AccountResourceProvider would be a simple interface with two methods:
public interface AccountResourceProvider extends Provider {
  /** Return true if this should be used with the given theme. */
  boolean useWithTheme(Theme theme);

  /** Returns a JAX-RS resource instance. */
  Object getResource();
}
  1. Update the AccountLoader code to check if the provider should be used with the Theme:
...
        Theme theme = getTheme(session);
        UriInfo uriInfo = session.getContext().getUri();
        AccountResourceProvider accountResourceProvider = session.getProvider(AccountResourceProvider.class); //new

        if (request.getHttpMethod().equals(HttpMethod.OPTIONS)) {
            return new CorsPreflightService(request);
        } else if ((accepts.contains(MediaType.APPLICATION_JSON_TYPE) || MediaType.APPLICATION_JSON_TYPE.equals(content)) && !uriInfo.getPath().endsWith("keycloak.json")) {
            return getAccountRestService(client, null);
        } else if (accountResourceProvider != null && accountResourceProvider.useWithTheme(theme)) { //new
            return accountResourceProvider.getResource(); //new
        } else if (Profile.isFeatureEnabled(Profile.Feature.ACCOUNT2) || Profile.isFeatureEnabled(Profile.Feature.ACCOUNT3)) {
            AccountConsole console = new AccountConsole(session, client, theme);
            console.init();
            return console;
        } else {
            throw new NotFoundException();
        }
...

Draft PR available here #22317

We did a PoC that demonstrated the viability of recreating the account theme as an extension. https://github.com/xgp/keycloak-account-v1

TODO

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/enhancementCategorizes a PR related to an enhancementpriority/importantMust be worked on very soon

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions