Why does the Keycloak REST API return an "autheticatorFlow" (sic!) attribute when reading authentication/flows?

Question

When reading authentication flows with kcadm.sh get authentication/flows -r master I get this result for the builtin flows

{
  "id" : "cee86f07-db10-4e84-9a5e-a9c6ae1c3703",
  "alias" : "http challenge",
  "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
  "providerId" : "basic-flow",
  "topLevel" : true,
  "builtIn" : true,
  "authenticationExecutions" : [ {
    "authenticator" : "no-cookie-redirect",
    "authenticatorFlow" : false,     <---
    "autheticatorFlow" : false,      <---
    "requirement" : "REQUIRED",
    "priority" : 10,
    "userSetupAllowed" : false
  }, {
    "authenticatorFlow" : true,
    "requirement" : "REQUIRED",
    "priority" : 20,
    "autheticatorFlow" : true,
    "flowAlias" : "Authentication Options",
    "userSetupAllowed" : false
  } ]
}

That field is nowhere mentioned in the REST API documentation. Is there a deeper meaning in this, or is this just some leftover typo that is kept for compatibility (like HTTP Referer vs HTTP Referrer)? Do I have to set this undocumented field when creating a new flow via REST API?

Answer 1

Short story: Use "authenticatorFlow"

It would appear this is a long standing spelling typo. If you dig into the keycloak source code e.g. v15.1.1 here: https://github.com/keycloak/keycloak/blob/15.1.1/core/src/main/java/org/keycloak/representations/idm/AbstractAuthenticationExecutionRepresentation.java#L71 You will see the misspelled "autheticatorFlow" is marked as deprecated.

@Deprecated
public void setAutheticatorFlow(boolean autheticatorFlow) {
    this.authenticatorFlow = autheticatorFlow;
}

...snip...

public void setAuthenticatorFlow(boolean authenticatorFlow) {
    this.authenticatorFlow = authenticatorFlow;
}

In other parts of the source you will see a setter for the correctly spelled property "authenticatorFlow" e.g. here: https://github.com/keycloak/keycloak/blob/15.1.1/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java#L1649 (which shows the misspelling is down to the db column).

model.setAuthenticatorFlow(entity.isAutheticatorFlow());

It should be safe to use the correctly spelled "authenticatorFlow". However always evaluate for your specific version.