Merge pull request #1916 from mposolda/master

KEYCLOAK-2172 Added migration docs
This commit is contained in:
Marek Posolda 2015-12-01 17:03:15 +01:00
commit a388782f9b
2 changed files with 16 additions and 3 deletions

View file

@ -120,6 +120,16 @@
the various HTTP error codes. See documentation for more details if you want to catch and handle adapter error conditions. the various HTTP error codes. See documentation for more details if you want to catch and handle adapter error conditions.
</para> </para>
</simplesect> </simplesect>
<simplesect>
<title>IdentityProviderMapper changes</title>
<para>
There is no change in the interface itself or method signatures. However there is some change in behaviour. We added <literal>First Broker Login</literal> flow
in this release and the method <literal>IdentityProviderMapper.importNewUser</literal> is now called after <literal>First Broker Login</literal> flow is finished.
So if you want to have any attribute available in <literal>Review Profile</literal> page, you would need to use
the method <literal>preprocessFederatedIdentity</literal> instead of <literal>importNewUser</literal> . You can set any attribute by
invoke <literal>BrokeredIdentityContext.setUserAttribute</literal> and that will be available on <literal>Review profile</literal> page.
</para>
</simplesect>
</section> </section>
<section> <section>
<title>Migrating to 1.6.0.Final</title> <title>Migrating to 1.6.0.Final</title>

View file

@ -164,9 +164,12 @@ keycloak.init({ flow: 'implicit' })
Keycloak also have support for <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">OpenID Connect Hybrid flow</ulink>. This requires Keycloak also have support for <ulink url="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">OpenID Connect Hybrid flow</ulink>. This requires
that client in admin console has both flags <literal>Standard Flow Enabled</literal> and <literal>Implicit Flow Enabled</literal> enabled in admin console. that client in admin console has both flags <literal>Standard Flow Enabled</literal> and <literal>Implicit Flow Enabled</literal> enabled in admin console.
The Keycloak will send both the code and tokens to your application. Access token can be immediately used and in the meantime, code can be exchanged for access token and refresh token. The Keycloak will send both the code and tokens to your application. Access token can be immediately used and in the meantime, code can be exchanged for access token and refresh token.
Hybrid flow is good for performance similarly like implicit flow, because access token is available. But similarly like implicit flow, the token is sent in URL fragment, so security may not be so good. Hybrid flow is good for performance similarly like implicit flow, because access token is available immediatelly to your application. But similarly like implicit flow, the token is
In addition to implicit flow, you have also refresh token available in your application. For hybrid flow, you need to pass the parameter sent in URL fragment, so security may not be so good.
<literal>flow</literal> with value <literal>hybrid</literal> to <literal>init</literal> method. One advantage over implicit flow is, that you have also refresh token available in your application (after code-to-token request is finished in background).
</para>
<para>
For hybrid flow, you need to pass the parameter <literal>flow</literal> with value <literal>hybrid</literal> to <literal>init</literal> method.
</para> </para>
</section> </section>