<div dir="ltr">Hi,<br><br>From the docs:<br><br>&quot;Only confidential clients are allowed to invoke the new endpoint, &quot;<br><br><a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4084">https://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4084</a><br><br>[the new endpoint] --&gt;  /realms/{realm}/protocols/openid-connect/token/introspect<br><br>But the project : <a href="https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js">https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js</a><br><br>Is using public client approach  ^  [username, password, no client-secret etc...]<br><br>Any suggestion on this ?<br><div style="text-align:justify"><br></div><div style="text-align:justify">Thanks !</div><div><br></div><div class="gmail_extra"><div class="gmail_quote">On Mon, Apr 25, 2016 at 7:14 PM, Helio Frota <span dir="ltr">&lt;<a href="mailto:00hf11@gmail.com" target="_blank">00hf11@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Bruno,<div><br></div><div>I&#39;m trying to validate an access token:</div><div><br></div><div><a href="https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L260" target="_blank">https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L260</a><br></div><div><br></div><div>Thanks for the feedback !</div><div><br></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 25, 2016 at 6:49 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It sounds like there&#39;s some misconception here. Does not make sense to<br>
have a public client with client secret configured.<br>
<br>
Could you please elaborate more, what exactly are you trying to do? And<br>
I would really appreciate if you share more details.<br>
<div><div><br>
On 2016-04-25, Helio Frota wrote:<br>
&gt; Hi,<br>
&gt;<br>
&gt; I found a shell script to use the new introspection path to do token<br>
&gt; validation:<br>
&gt; <a href="http://lists.jboss.org/pipermail/keycloak-user/2016-April/005869.html" rel="noreferrer" target="_blank">http://lists.jboss.org/pipermail/keycloak-user/2016-April/005869.html</a><br>
&gt;<br>
&gt; I&#39;m using public client and by removing :<br>
&gt;<br>
&gt; KC_CLIENT_SECRET=a-test-client-credental<br>
&gt;<br>
&gt; The result is:<br>
&gt;<br>
&gt; {&quot;error_description&quot;:&quot;Authentication failed.&quot;,&quot;error&quot;:&quot;invalid_request&quot;}<br>
&gt;<br>
&gt; It is possible to use validation token for public clients ?<br>
&gt;<br>
&gt; Thanks!<br>
<br>
</div></div>&gt; _______________________________________________<br>
&gt; keycloak-user mailing list<br>
&gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>