[Feature] Upload artifacts to Maven Central

[guilhem-lk]

Is there an existing feature request for this?

• [X] I have searched the existing issues

Is your feature related to a problem? Please describe.

I would like to use your extension in a Maven project.

Currently, the packages are released to GitHub Packages but you say in the docs:

It may happen that I remove older packages without prior notice, because the storage is limited on the free tier.

This is not a viable solution for us, because we need to guarantee the package availability for building our project.

Describe the solution you'd like

We manually uploaded the jar we use to our own Maven repository, but it would be great if all packages were available on Maven Central. Do you plan to support this in the near future?

Describe alternatives you've considered

No response

Anything else?

No response

[sventorben]

Hey @guilhem-lk,

thank you for reaching out and for your interest in using the extension in your Maven project.

I understand your concern about package availability, especially with the current setup on GitHub Packages. Allow me to address your points in detail:

• The extension was initially designed as a drop-in solution, intended for users to download and use directly, rather than as a programming library or framework. Recently, I have added some extension points to support programming usage, primarily to aid organizations, but the extension's core purpose remains unchanged. Expanding it into a full-fledged library could become unmanageable for me as a solo maintainer.
• Before making any major changes, I would like to understand your specific use cases better. There might be features that could be more effectively supported directly within the extension itself. Could you please provide a brief overview of how you are using the extension in your project?
• Currently, the extension is hosted on a public GitHub repository, which provides ample storage for packages. While I have mentioned the possibility of removing older packages due to storage limitations, this is not a current necessity. However, it's crucial for businesses relying on these packages to have their own artifact repositories for proxying and permanent storage.
• Integrating with Maven Central would require adjustments to deployment processes and additional maintenance efforts, which I am not prepared to undertake at this point. GitHub Packages can be seamlessly integrated with Maven, as outlined in GitHub's documentation: Working with the Apache Maven Registry.

Given these considerations, I currently do not plan to support Maven Central. This might be a possibility in the future, but it is not on the roadmap for now.

Thank you for your understanding, and I look forward to hearing more about your use cases.

Best, Sven-Torben

[guilhem-lk]

Hello @sventorben,

No problem, I understand that it requires some major changes in the deployment process. Unfortunately, I never published packages on Maven Central so I can't be of any help on this topic.

Before making any major changes, I would like to understand your specific use cases better. There might be features that could be more effectively supported directly within the extension itself. Could you please provide a brief overview of how you are using the extension in your project?

We want to delegate authentication to another IDP for a subset of our users. For these users, we want them to rely exclusively on the IDP for authentication. We integrated your extension into our own Keycloak extensions project but we needed some extra features:

1. Before activating this feature, these users had a password in Keycloak. Now, this password must not be used anymore so we customized the authentication flows to forbid the password usage. For that, we added a conditional authenticator that check, based on your extension, if a user has an home IDP or not. I see that you suggest exactly what we have implemented in #264
2. We also needed to expose a custom endpoint in Keycloak that returns the home IDP for a provided email. As in the first point, we used your extension to get the home IDP.

For the first point, I can contribute to add it in your extension if you want. But for the second point, I don't think it's relevant to have this endpoint in your extension.

Regards,

Guilhem

[xgp]

Hi @sventorben We're also keen to get this published into Maven Central, as we're using your new Discoverer SPI extension point.

FYI, it's not that big of a change to add a release to Maven Central. E.g. we just run this on commit to main, but it could also be run as a manual action: https://github.com/p2-inc/keycloak-orgs/blob/main/.github/workflows/release.yml

Happy to PR this change if you'd be willing to take a look at it.