Re: [keycloak-dev] Credentials in javascript adapter

It might be there from the early days when we didn't have public clients. I'd probably just keep it in case someone is using it with a confidential client as removing it would break it for them. Although strictly speaking you shouldn't use a confidential client with a client-side app.

On Thu, 7 Nov 2019 at 07:42, Michal Hajas <mhajas(a)redhat.com&gt; wrote: > Hello, > > in Javascript adapter we have a possibility to configure a client secret > [1] in order to use Basic authorization for requests for token endpoint > [2]. I haven't found any information in docs about it and I don't > understand why we have it there as public clients don't have secrets. Is > this useful in some scenarios or we should remove it? > > Michal > > [1] > > https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai... > & > <https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai... > > https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai... > > [2] > > https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai... > & > <https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai... > > https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai... > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev