<div dir="ltr">Hi All<div><br></div><div>I've been updating the keycloak-nodejs-auth-utils module to keep up with recent changes in Keycloak, and one thing I've noticed seems to contradict what's written in the documentation. Can anyone provide clarity on this for me?</div><div><br></div><div>In the docs for Direct Access Grants[1] it says, "<span style="color:rgb(51,51,51);font-family:'Lucida Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify">For confidential client's, you must create a Basic Auth</span><span style="color:rgb(51,51,51);font-family:'Lucida Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify"> </span><code class="" style="color:rgb(51,51,51);line-height:18px;text-align:justify;font-size:0.9em;font-family:courrier,monospace;white-space:nowrap">Authorization</code><span style="color:rgb(51,51,51);font-family:'Lucida Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify"> </span><span style="color:rgb(51,51,51);font-family:'Lucida Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;line-height:18px;text-align:justify">header that contains the client_id and client secret. And pass in the form parameters for username and for each user credential. For example:"</span></div><pre class="" style="font-size:0.9em;font-family:courrier,monospace;color:rgb(51,51,51);overflow:auto;padding:5px 15px 5px 25px;border:1px solid rgb(204,204,204);line-height:18px;text-align:justify;background-color:rgb(245,245,245)"> POST /auth/realms/demo/protocol/openid-connect/token
Authorization: Basic atasdf023l2312023
Content-Type: application/x-www-form-urlencoded

username=bburke&password=geheim&grant_type=password</pre><div>(That's copied and pasted into GMail. I hope the formatting is OK).</div><div><br></div><div>But in the keycloak-nodejs-auth-utils module, I am able to obtain a grant without including the username and password. Additionally, I must specify 'client_credentials' as the grant_type [2].</div><div><br></div><div>Do I misunderstand what is going on here or is the documentation out of date?</div><div><br></div><div>Thanks</div><div>Lance</div><div><br></div><div>[1] <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html</a></div><div>[2] <a href="https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L71-L79">https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L71-L79</a></div></div>
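<div>The two token requests contrasted in the message above, as an added example (not code from keycloak-nodejs-auth-utils or the Keycloak docs): in OAuth 2.0 (RFC 6749) <code>password</code> and <code>client_credentials</code> are separate grant types sent to the same token endpoint with the same client Basic auth header. The helper name <code>buildTokenRequest</code>, the client id and the secret are hypothetical; the request is built but never sent.</div>

```javascript
// Token endpoint path as shown in the documentation excerpt quoted above.
const TOKEN_PATH = '/auth/realms/demo/protocol/openid-connect/token';

// HTTP Basic credentials for a confidential client. The Basic scheme splits on
// the first ':', so a client id containing ':' cannot be represented.
function basicAuth(clientId, clientSecret) {
  if (clientId.includes(':')) throw new Error("client id must not contain ':'");
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
}

// Hypothetical helper: returns the request a client would send for each grant.
function buildTokenRequest(grantType, client, user) {
  const form = new URLSearchParams({ grant_type: grantType });
  if (grantType === 'password') {
    // Direct access grant: the client authenticates AND forwards user credentials.
    if (!user || !user.username || !user.password) {
      throw new Error('password grant requires username and password');
    }
    form.set('username', user.username);
    form.set('password', user.password);
  } else if (grantType === 'client_credentials') {
    // The client authenticates as itself; no end user is involved.
    if (user) throw new Error('client_credentials grant takes no user credentials');
  } else {
    throw new Error(`unsupported grant_type: ${grantType}`);
  }
  return {
    method: 'POST',
    path: TOKEN_PATH,
    headers: {
      Authorization: basicAuth(client.id, client.secret),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: form.toString(),
  };
}

// Constructed sample values (user credentials taken from the quoted docs example).
const client = { id: 'demo-client', secret: 's3cr3t' };
const asUser = buildTokenRequest('password', client, { username: 'bburke', password: 'geheim' });
const asClient = buildTokenRequest('client_credentials', client);
console.log(asUser.body);
console.log(asClient.body);
```

A token from the first request represents the user; a token from the second represents only the client, so a service should check which subject a token carries before treating it as a user session.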