[keycloak-user] how to use keycloak JS Adapter with a signed JWT Token?

Kevin Berendsen kevin.berendsen at pharmapartners.nl
Mon Apr 17 16:22:12 EDT 2017


Hi Celso,

Angular is written in JavaScript, which is basically all client side. That means that if you use a private key on the client side, the key must be publicly accessible, and I'm sure you don't want that.
You must configure any JavaScript client to be a public client. It's all there in the docs of Keycloak [1][2].

I know it's not really the answer you're looking for but this could blow a major security issue in your application.

[1] https://www.keycloak.org/docs/3.0/securing_apps/topics/oidc/javascript-adapter.html
[2] https://www.keycloak.org/docs/3.0/server_admin/topics/clients/client-oidc.html#_access-type 

Kind regards,

Kevin Berendsen

-----Original message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On behalf of Celso Agra
Sent: Monday, April 17, 2017 16:10
To: keycloak-user <keycloak-user at lists.jboss.org>
Subject: [keycloak-user] how to use keycloak JS Adapter with a signed JWT Token?

Hi there,

It's me again!
I'd like to know if it would be possible to configure my frontend app with the keycloak JS adapter, but my app is configured with a signed JWT.

Here is the credential configs:
"credentials": {
  "jwt": {
    "client-key-password": "REPLACE WITH THE KEY PASSWORD IN KEYSTORE",
    "client-keystore-file": "REPLACE WITH THE LOCATION OF YOUR KEYSTORE FILE",
    "client-keystore-password": "REPLACE WITH THE KEYSTORE PASSWORD",
    "client-key-alias": "<my alias>",
    "token-timeout": 10,
    "client-keystore-type": "jks"
  }
}

When I try to add this config in the Keycloak JS:
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js

I haven't seen a config to do with signed JWT. So, how do people do this configuration?
Best regards,

--
---
*Celso Agra*
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
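
The check below is an added example, not part of the original thread and not Keycloak's own code. It audits a keycloak.json that is going to be served to browsers: any credentials section (the signed-JWT keystore settings quoted above, or a client secret) is flagged, as is a config that is not marked as a public client. The function name and the sample realm, URL and client id are assumptions constructed for illustration.

```javascript
// Added example: audit an adapter config that will be shipped to the browser.
// Everything in that file is readable by every visitor, so it must describe
// a public client and carry no credential material.

// Keystore-related keys taken from the credentials.jwt block quoted in the thread.
const JWT_CREDENTIAL_KEYS = [
  "client-keystore-file",
  "client-keystore-password",
  "client-key-password",
  "client-key-alias",
];

// Hypothetical helper: returns a list of findings (empty list means OK).
function auditBrowserAdapterConfig(config) {
  const findings = [];
  const creds = config.credentials;
  if (creds && typeof creds === "object") {
    if ("secret" in creds) {
      findings.push("credentials.secret: client secret would be readable in the browser");
    }
    if (creds.jwt && typeof creds.jwt === "object") {
      const present = JWT_CREDENTIAL_KEYS.filter((k) => k in creds.jwt);
      findings.push(
        "credentials.jwt: signed-JWT client authentication needs a private key" +
          (present.length ? " (" + present.join(", ") + ")" : "")
      );
    }
  }
  if (config["public-client"] !== true) {
    findings.push('"public-client" is not true: a JavaScript client must be a public client');
  }
  return findings;
}

// Constructed sample inputs (realm, URL and client id are made up).
const base = { realm: "demo", "auth-server-url": "https://sso.example.test/auth", resource: "my-frontend" };
const confidentialConfig = Object.assign({}, base, {
  credentials: { jwt: { "client-keystore-file": "REPLACE", "client-key-alias": "<my alias>", "client-keystore-type": "jks" } },
});
const publicConfig = Object.assign({}, base, { "public-client": true });

for (const [name, cfg] of [["confidential", confidentialConfig], ["public", publicConfig]]) {
  const findings = auditBrowserAdapterConfig(cfg);
  console.log(name + ": " + (findings.length ? findings.join("; ") : "OK for browser use"));
}
```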


