[ https://issues.apache.org/jira/browse/OAK-5210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15712493#comment-15712493 ]
angela commented on OAK-5210: ----------------------------- Initial suggestion as provided by [~baedke] in OAK-5209: {quote} [...] for instance by adding a getter for the principal name to the interface ExternalIdentityRef. {quote} > Ability to resolve principal name from ExternalIdentityRef without IDP > roundtrip > -------------------------------------------------------------------------------- > > Key: OAK-5210 > URL: https://issues.apache.org/jira/browse/OAK-5210 > Project: Jackrabbit Oak > Issue Type: New Feature > Components: auth-external > Reporter: angela > > Currently the only way to reliably determine the principal name for a given > external identity is by calling {{ExternalIdentity.getPrincipalName()}}. This > also means that there is currently no way to resolve the principal name from > a given {{ExternalIdentityRef}}, without calling > {{ExternalIdentityProvider.getIdentity(ExternalIdentityRef)}}. > In the default sync mode a given identity-ref will always be resolved to the > associated identity once a given identity is up for (re)sync and thus the > identity resolution is part of the synchronization. On the other hand the > partial sync as provided by the {{DynamicSyncContext}} doesn't require the > resolution of group identities but only needs to be able to obtain the > principal name, which is needed to proper populate the subject upon > repository login (and for permission setup for those group principals). In > this setup it would be preferrable if the principal name could be resolved > from the {{ExternalIdentityRef}} without the intermediate identity resolution. > This aim of this issue is to discuss the different options on how to achieve > this improvement in a generic way that doesn't make any assumptions regarding > the relationship between {{ExternalIdentity.getId}}, > {{ExternalIdentity.getPrincipalName}} and {{ExternalIdentityRef.getId}}. > See also OAK-4930 and OAK-5200 for additional information. -- This message was sent by Atlassian JIRA (v6.3.4#6332)