Re: [keycloak-dev] Remove realm json at "/auth/realms/<realm name>"
On 08/15/2017 05:00 AM, Stian Thorgersen wrote:
I propose we remove the realm json returned at
"/auth/realms/<realm name>"
and just return an empty page
* It can end-up being visible to end-users - we should rather have a realm
welcome page / SSO landing page here
What is wrong with exposing this json to
users?
* It's not used by anything AFAIK
I'm not sure if this endpoint is documented but it can be used by
users/clients. For example we use this endpoint to fetch the public key
of the realm in openshift.io plus for simple health check. Should
something else be used instead?
* From time to time people complain about it (
https://issues.jboss.org/browse/KEYCLOAK-5279 for instance, there's more
similar issues reported)
It seems that I don't have access to this issue. What
kind of problems
this endpoint can cause?
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev