We recently also deprecated non-native promises with the intent to remove
this behavior in the future. Would it not then make sense to deprecate this
behavior now and remove it eventually? Especially considering this behavior
is not very secure and just adds extra cruft to the adapter code.
On Thu, Nov 7, 2019 at 1:51 PM Stian Thorgersen <sthorger(a)redhat.com> wrote:
It might be there from the early days when we didn't have public
clients.
I'd probably just keep it in case someone is using it with a confidential
client as removing it would break it for them. Although strictly speaking
you shouldn't use a confidential client with a client-side app.
On Thu, 7 Nov 2019 at 07:42, Michal Hajas <mhajas(a)redhat.com> wrote:
> Hello,
>
> in Javascript adapter we have a possibility to configure a client secret
> [1] in order to use Basic authorization for requests for token endpoint
> [2]. I haven't found any information in docs about it and I don't
> understand why we have it there as public clients don't have secrets. Is
> this useful in some scenarios or we should remove it?
>
> Michal
>
> [1]
>
>
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai...
> &
> <
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai...
>
>
>
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai...
>
> [2]
>
>
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai...
> &
> <
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai...
>
>
>
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai...
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev