This functionality depends on APIs bundled in the keycloak-model-legacy module. It will soon be replaced with the new map storage API which provides a uniform way to access both local and external information about users and other entities, and the old APIs will be removed eventually.
As I’m planning to create a new custom module using UserStorageSPI I wonder if there’s any information available about
when that will happen?
or maybe some preview versions of the new APIs?
or something one can do now already to facilitate migrating to the new APIs once they’re ready?
The authors and maintainers of Keycloak haven’t given much insight into hard dates. However, they do respond to questions on the Keycloak Github discussions Discussions · Keycloak X New Store · keycloak/keycloak · GitHub Currently, I’m advising companies that I work with not to build on the existing User Storage SPI.
I still recommend to use the existing API, as there is nothing stable out yet. The new Storage SPI is still in development, not that much documentation exists, etc.
But, at the same time, I do clearly mention that there will be “some” (nobody knows how much exactly) effort in the future to migrate from the legacy to the the new API. But also nobody knows when this will be the case and how much time there will be to do the migration.
I think that’s reasonable. The reason I’m recommending otherwise is that I don’t want anyone to be making such a significant investment in a situation of uncertainty. Building something that might not work in a few months, or might require them to maintain an old version could be very costly. That said, the “new” Storage SPI has been “coming” for years, and, from the outside, looks like it could be years more before it is a stable alternative. This post, and many others, boil down to a desire for more transparency from the authors and maintainers.
We’ve been planning to migrate from our existing IDP to Keycloak 21 because we assumed it was just around the corner. We have a mult-tenant SaaS with a very large number of realms so the legacy storage wouldn’t be a good fit.
Probably yes.
The blog post is just a… well, blog post, where the team wrote some assumptions from their perspective back one year ago. There’s no statement that this is the official release roadmap. Red Hat never had and probably won’t have any public roadmaps anyone can rely on. Features are available when they are done. Whatever that means.
Perhaps the Map Storage is available with 21, perhaps not.
That link does indicate that in September/October of 2022:
New store is graduated to the new default store
That did not happen. I would also invite you to take a look at predicted dates for Keycloak feature releases, and then the actual release dates in the changelogs. They are often very different. Even a year off.
Also, I would think twice about migrating a large production app to the new store immediately on release, unless you want to be the guinea pig that will figure out all the bugs for us.
We’re a/b testing a new version of the app so it’d only be a few users to start with