We don't hide the client secret at all actually as it's generated by the
Keycloak Server. For other secrets that are provided by the user we don't
expose them again.
The client secret is just not returned with the client request. One reason
for this is that a client can have different types of credentials and it's
pluggable. Also, there's no need to expose the secret when retrieving
clients in general (i.e. listing all clients). You can get the secret from
where Marko said, but also from:
realms/REALM_NAME/clients/CLIENT_ID/client-secret
And you can also get it through the client registration services. Take a
look at the docs for that one.
On 5 January 2017 at 17:02, Marko Strukelj <mstrukel(a)redhat.com> wrote:
Admin REST endpoints purposefully hide any passwords. There is an
exception
for client secret - there is an endpoint that will return it to you - the
one used to get a keycloak adapter configuration for a client:
realms/REALM_NAME/clients/ID/installation/providers/
keycloak-oidc-keycloak-json
Try:
keyCloakClient.realm(realmName).clients()
.get(ID_OF_CLIENT).getInstallationProvider("keycloak-oidc-keycloak-json");
On Thu, Jan 5, 2017 at 4:06 PM, Dekel Aslan <dekela(a)perfectomobile.com>
wrote:
> Hello,
> I'm using the Keycloak class and invoking this line:
> String secret = keyCloakClient.realm(realmName).clients().findAll()
> .get(0).getSecret();
> (get(0) gets the client I need)
> but it's always null. For getClientAuthenticatorType() it returns
> "client-secret" as it should, and the UI has the secret in it's
credentials
> tab.
>
> Please advise on how to get the client secret via the object.
>
> Thanks,
> Dekel.
>
> The information contained in this message is proprietary to the sender,
> protected from disclosure, and may be privileged. The information is
> intended to be conveyed only to the designated recipient(s) of the
message.
> If the reader of this message is not the intended recipient, you are
hereby
> notified that any dissemination, use, distribution or copying of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please notify us immediately by
> replying to the message and deleting it from your computer. Thank you.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev