Discourage obtaining the KeycloakSession
by means other than when creating a provider
#29107
Labels
area/core
kind/enhancement
Categorizes a PR related to an enhancement
priority/important
Must be worked on very soon
team/cloud-native
team/core-shared
Description
In order to avoid coupling extensions with technologies from the underlying stack used by the server and not fully-supported we need a consistent and supported mechanism to obtain the
KeycloakSession
when developing custom extensions.Extensions should favor obtaining the session whenever they are creating
Provider
instances from their correspondingProviderFactory
and any other mechanism to do that should not be supported or exposed.As an example, the fact we currently support CDI does not mean that Keycloak supports CDI so using its APIs should be discouraged. A similar approach was taken when removing JAX-RS injection points from our REST layer for JAX-RS specific beans such as the request and response objects.
The main goal here is long-term maintainability and backward compatibility.
Discussion
#28182
Motivation
The main goal here is long-term maintainability and backward compatibility.
Details
No response
The text was updated successfully, but these errors were encountered: