<div dir="ltr">Hi,<br><br>From the docs:<br><br>"Only confidential clients are allowed to invoke the new endpoint, "<br><br><a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4084">https://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4084</a><br><br>[the new endpoint] --> /realms/{realm}/protocols/openid-connect/token/introspect<br><br>But the project : <a href="https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js">https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js</a><br><br>Is using public client approach ^ [username, password, no client-secret etc...]<br><br>Any suggestion on this ?<br><div style="text-align:justify"><br></div><div style="text-align:justify">Thanks !</div><div><br></div><div class="gmail_extra"><div class="gmail_quote">On Mon, Apr 25, 2016 at 7:14 PM, Helio Frota <span dir="ltr"><<a href="mailto:00hf11@gmail.com" target="_blank">00hf11@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Bruno,<div><br></div><div>I'm trying to validate an access token:</div><div><br></div><div><a href="https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L260" target="_blank">https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L260</a><br></div><div><br></div><div>Thanks for the feedback !</div><div><br></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 25, 2016 at 6:49 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It sounds like there's some misconception here. Does not make sense to<br>
have a public client with client secret configured.<br>
<br>
Could you please elaborate more, what exactly are you trying to do? And<br>
I would really appreciate if you share more details.<br>
<div><div><br>
On 2016-04-25, Helio Frota wrote:<br>
> Hi,<br>
><br>
> I found a shell script to use the new introspection path to do token<br>
> validation:<br>
> <a href="http://lists.jboss.org/pipermail/keycloak-user/2016-April/005869.html" rel="noreferrer" target="_blank">http://lists.jboss.org/pipermail/keycloak-user/2016-April/005869.html</a><br>
><br>
> I'm using public client and by removing :<br>
><br>
> KC_CLIENT_SECRET=a-test-client-credental<br>
><br>
> The result is:<br>
><br>
> {"error_description":"Authentication failed.","error":"invalid_request"}<br>
><br>
> It is possible to use validation token for public clients ?<br>
><br>
> Thanks!<br>
<br>
</div></div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>