[keycloak-user] Using Keycloak admin client on a web browser

Geoffrey Cleaves geoff at opticks.io
Tue Dec 4 06:06:43 EST 2018


I believe the flow should be that the end user logs into your web app via
Keycloak. The web app communicates with your back end using the Keycloak
token. Your backend checks for a particular Keycloak role in the token, and
if it exists, then the backend communicates with the Admin API using a
separate admin token.

Regards,
Geoffrey Cleaves







On Tue, 4 Dec 2018 at 11:34, Vikram Eswar <vikram.eswar at gmail.com> wrote:

> Thanks a lot, Geoffrey!
> I had the same in mind, but was not sure.
>
> Regards,
> Vikram
>
> On Tue, Dec 4, 2018 at 10:52 AM Geoffrey Cleaves <geoff at opticks.io> wrote:
>
>> Any user agent that can call a REST API can perform admin tasks. See this
>> documentation: https://www.keycloak.org/docs-api/4.6/rest-api/index.html
>>
>> Since the admin password would be plainly visible in the HTML code
>> executed by the web browser, and not knowing more about your architecture,
>> this sounds like an extremely bad idea.
>>
>> Instead, I believe your web browser should communicate with your own
>> backend, and your backend should perform the admin tasks. This way the
>> admin password will not be visible in the HTML code.
>>
>> Regards,
>> Geoffrey Cleaves
>>
>> On Tue, 4 Dec 2018 at 10:41, Vikram Eswar <vikram.eswar at gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> is it possible to implement a Keycloak admin client to add / delete /
>>> update users from a web browser, or is it just available for Node.js? If
>>> it is possible with a browser, could someone please give me some support
>>> on how to do that?
>>>
>>> Regards,
>>> Vikram
>>>
>>
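
One way the backend-side role check described in the most recent reply of this thread could look in Node.js, as an added example that is not part of the original messages. The role name `user-manager`, the function names and the throwaway key pair are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Decode one base64url JWT segment into an object.
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an RS256 token against the realm public key; return its claims or throw.
function verifyToken(jwt, realmKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm so the token header cannot choose a weaker one.
  if (decode(h).alg !== 'RS256') throw new Error('unexpected algorithm');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), realmKey, sig)) {
    throw new Error('bad signature');
  }
  const claims = decode(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Gate in front of any admin work: 401 without a valid token, 403 without the role.
// 'user-manager' is a hypothetical realm role name chosen for this example.
function authorizeAdminAction(authHeader, realmKey, requiredRole = 'user-manager') {
  const m = /^Bearer (\S+)$/.exec(authHeader || '');
  if (!m) return { status: 401, reason: 'missing bearer token' };
  let claims;
  try {
    claims = verifyToken(m[1], realmKey);
  } catch (err) {
    return { status: 401, reason: err.message };
  }
  // Keycloak places realm-level roles under realm_access.roles in the access token.
  const roles = (claims.realm_access && claims.realm_access.roles) || [];
  if (!roles.includes(requiredRole)) return { status: 403, reason: 'required role missing' };
  // Only at this point would the backend use its own, separately held admin token.
  return { status: 200, subject: claims.sub };
}

// Constructed sample data: a throwaway key pair stands in for the realm's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims, key = privateKey) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const body = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${crypto.sign('RSA-SHA256', Buffer.from(body), key).toString('base64url')}`;
}
```

In a deployment the public key would come from the realm's published signing keys, and the issuer and audience claims would be checked as well. The admin credentials stay on the server, so nothing the browser receives can reach the Admin API directly.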

