CCCHH/keycloak-attribute-endpoints-provider
0
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Activity Actions

Configure Extension with UiPageProvider #1

Merged
kritzl merged 11 commits from addUiPageProvider into main 2026-03-31 17:53:07 +02:00
Conversation 9 Commits 11 Files changed 9 +410 -128
kritzl commented 2026-02-21 15:49:36 +01:00
Member
Copy link
No description provided. 
Co-authored-by: kritzl <kritzl@kritzl.dev>
Dynamically get a list of attributes to get the keys from, get their
values, ensure they are in a valid format using a regex and finally
return the list of keys as a JSON list.

Co-authored-by: kritzl <kritzl@kritzl.dev>
Co-authored-by: June <june@jsts.xyz>
Co-authored-by: June june@jsts.xyz
- fetch configuration of AdminUiPage Component
- validate config
- use configuration to get attributes
kritzl self-assigned this 2026-02-21 15:49:50 +01:00
kritzl requested review from june 2026-02-21 15:49:59 +01:00
june requested changes 2026-03-24 17:32:54 +01:00
Dismissed
june left a comment
Owner
Copy link

Tested by following the README and using the compose file and it works great. Generally looks good, just a few small things here and there.

Tested by following the README and using the compose file and it works great. Generally looks good, just a few small things here and there.
README.md Outdated
@ -0,0 +8,4 @@
- is in the attribute group matching `attribute-group`
- matches an optional RegEx Pattern `attribute-regex`
- belongs to a user with a role matching `match-role`
- is non-empty
june commented 2026-03-24 15:27:34 +01:00
Owner
Copy link

Should use plural, like:

Every endpoint responds with a list of all attribute values, that: 
- are in the attribute group matching `attribute-group`
- match an optional RegEx Pattern `attribute-regex`
- belong to a user with a role matching `match-role`
- are non-empty
Should use plural, like: ``` Every endpoint responds with a list of all attribute values, that: - are in the attribute group matching `attribute-group` - match an optional RegEx Pattern `attribute-regex` - belong to a user with a role matching `match-role` - are non-empty ```
kritzl marked this conversation as resolved
attribute-endpoints-provider/src/main/java/de/ccc/hamburg/keycloak/attribute_endpoints/AdminUiPage.java Outdated
@ -0,0 +24,4 @@
*/
@AutoService(UiPageProviderFactory.class)
public class AdminUiPage implements UiPageProvider, UiPageProviderFactory<ComponentModel> {
public static final String PROVIDER_ID = "🪪 Attribute Endpoints 🚀";
june commented 2026-03-24 17:31:47 +01:00
Owner
Copy link

I think getting rid of the emojis, while they are fun, might be a good idea.

I think getting rid of the emojis, while they are fun, might be a good idea.
kritzl marked this conversation as resolved
attribute-endpoints-provider/src/main/java/de/ccc/hamburg/keycloak/attribute_endpoints/AttributeEndpointsResourceProvider.java
@ -0,0 +53,4 @@
@GET
@Path("export/{slug}")
@Produces(MediaType.APPLICATION_JSON)
public Response exportKeys(@PathParam("slug") String slug) {
june commented 2026-03-24 17:14:19 +01:00
Owner
Copy link

I guess this should be called something like exportAttributeValues now that this is not just about SSH Keys anymore.

I guess this should be called something like `exportAttributeValues` now that this is not just about SSH Keys anymore.
kritzl marked this conversation as resolved
attribute-endpoints-provider/src/main/java/de/ccc/hamburg/keycloak/attribute_endpoints/AttributeEndpointsResourceProvider.java Outdated
@ -0,0 +106,4 @@
throw new ForbiddenException("User does not have required auth role.");
}
if (componentList.size() > 1) {
june commented 2026-03-24 17:17:54 +01:00
Owner
Copy link

Moving this before line 71, where we get the component to work with might make a bit more sense flow-wise.

Moving this before line 71, where we get the component to work with might make a bit more sense flow-wise.
kritzl marked this conversation as resolved
june commented 2026-03-24 17:33:39 +01:00
Owner
Copy link

Oh, and we have both a test.json and a realm-export.json. Do we want to keep them both, one or none?

Oh, and we have both a `test.json` and a `realm-export.json`. Do we want to keep them both, one or none?
june commented 2026-03-24 17:36:59 +01:00
Owner
Copy link

Reading through the code, I noticed that we are duplicating the validation logic for the AdminUiPage and the AttributeEndpointsResourceProvider. I think this is fine, as it's just refactoring and they do both cater to slightly different use-cases, so a refactor needs some thought, but we might want to look into abstracting that into one place in the future.

Reading through the code, I noticed that we are duplicating the validation logic for the `AdminUiPage` and the `AttributeEndpointsResourceProvider`. I think this is fine, as it's just refactoring and they do both cater to slightly different use-cases, so a refactor needs some thought, but we might want to look into abstracting that into one place in the future.
june reviewed 2026-03-24 17:53:54 +01:00
attribute-endpoints-provider/src/main/java/de/ccc/hamburg/keycloak/attribute_endpoints/AdminUiPage.java Outdated
@ -0,0 +55,4 @@
Pattern slugPattern = Pattern.compile("^[a-zA-Z0-9_-]*$");
String configAttributeSlug = model.getConfig().getFirst("slug");
if (!slugPattern.matcher(configAttributeSlug).matches()) {
june commented 2026-03-24 17:53:54 +01:00
Owner
Copy link

Currently this gives us an ugly exception in the Keycloak logs for an empty slug, as configAttributeSlug is then null. Not critical as it still just errors, but we should probably check, if configAttributeSlug is null. I guess then adding a null check to all the other config$things is probably a good idea as well.

Currently this gives us an ugly exception in the Keycloak logs for an empty slug, as `configAttributeSlug` is then `null`. Not critical as it still just errors, but we should probably check, if `configAttributeSlug` is `null`. I guess then adding a null check to all the other `config$thing`s is probably a good idea as well.
kritzl commented 2026-03-31 14:07:09 +02:00
Author
Member
Copy link

@june wrote in #1 (comment):

Oh, and we have both a test.json and a realm-export.json. Do we want to keep them both, one or none?

I don't think we need them at all ^^

@june wrote in https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider/pulls/1#issuecomment-3782: > Oh, and we have both a `test.json` and a `realm-export.json`. Do we want to keep them both, one or none? I don't think we need them at all ^^
👍 1
kritzl commented 2026-03-31 15:03:58 +02:00
Author
Member
Copy link

@june can you test if the last commit works as it is intended? My setup is currently broken

@june can you test if the last commit works as it is intended? My setup is currently broken
june requested changes 2026-03-31 15:50:52 +02:00
Dismissed
june left a comment
Owner
Copy link

Just a one more small fix needed, but everything else looks great now!
Will just test the null checks now.

Just a one more small fix needed, but everything else looks great now! Will just test the null checks now.
README.md Outdated
@ -0,0 +53,4 @@
- After creating:
- give it the role `myattribute-export`
- set a password in the users settings `Creadentials > Set password`. For Example `"password"`
8. Under `🪪 Attribute Endpoints 🚀 > Create item`, add a new endpoint to the provider
june commented 2026-03-31 15:44:13 +02:00
Owner
Copy link

This needs to be changed to reflect the new emoji-less version.

This needs to be changed to reflect the new emoji-less version.
june marked this conversation as resolved 
For the configAttributeSlug the further validation fails ugly otherwise
and there's generally no need to do further validation, if a config
string is null.
june commented 2026-03-31 15:57:37 +02:00
Owner
Copy link

@kritzl wrote in #1 (comment):

@june can you test if the last commit works as it is intended? My setup is currently broken

It still failed in an ugly way for the configAttributeSlug as the further validation was still performed, so pushed a commit to only validate non-null config strings further.

@kritzl wrote in https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider/pulls/1#issuecomment-3848: > @june can you test if the last commit works as it is intended? My setup is currently broken It still failed in an ugly way for the `configAttributeSlug` as the further validation was still performed, so pushed a commit to only validate non-null config strings further.
june approved these changes 2026-03-31 16:03:32 +02:00
june left a comment
Owner
Copy link

If you think it looks good as well, then let's merge. @kritzl

If you think it looks good as well, then let's merge. @kritzl
kritzl merged commit 55168d1d01 into main 2026-03-31 17:53:07 +02:00
kritzl deleted branch addUiPageProvider 2026-03-31 17:53:07 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
june
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
kritzl
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
CCCHH/keycloak-attribute-endpoints-provider!1
No description provided.