I don't know...Once you have one public client that supports direct
grants with a large enough scope, there's your attack vector.
On 1/15/2015 7:00 AM, Stian Thorgersen wrote:
I propose we move the "Direct Grant API" enable/disable
from the realm and add it to applications/clients instead. This allows greater control
over what is exposed using the direct grant api.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com