4:06 p.m.
Hello,
I'm using the Keycloak class and invoking this line:
String secret = keyCloakClient.realm(realmName).clients().findAll().get(0).getSecret();
(get(0) gets the client I need)
but it's always null. For getClientAuthenticatorType() it returns
"client-secret" as it should, and the UI has the secret in it's credentials
tab.
Please advise on how to get the client secret via the object.
Thanks,
Dekel.
The information contained in this message is proprietary to the sender, protected from
disclosure, and may be privileged. The information is intended to be conveyed only to the
designated recipient(s) of the message. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, use, distribution or copying of
this communication is strictly prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by replying to the message and
deleting it from your computer. Thank you.
5:02 p.m.
Admin REST endpoints purposefully hide any passwords. There is an exception
for client secret - there is an endpoint that will return it to you - the
one used to get a keycloak adapter configuration for a client:
realms/REALM_NAME/clients/ID/installation/providers/keycloak-oidc-keycloak-json
Try:
keyCloakClient.realm(realmName).clients()
.get(ID_OF_CLIENT).getInstallationProvider("keycloak-oidc-keycloak-json");
On Thu, Jan 5, 2017 at 4:06 PM, Dekel Aslan <dekela(a)perfectomobile.com>
wrote:
Hello,
I'm using the Keycloak class and invoking this line:
String secret = keyCloakClient.realm(realmName).clients().findAll()
.get(0).getSecret();
(get(0) gets the client I need)
but it's always null. For getClientAuthenticatorType() it returns
"client-secret" as it should, and the UI has the secret in it's
credentials
tab.
Please advise on how to get the client secret via the object.
Thanks,
Dekel.
The information contained in this message is proprietary to the sender,
protected from disclosure, and may be privileged. The information is
intended to be conveyed only to the designated recipient(s) of the message.
If the reader of this message is not the intended recipient, you are hereby
notified that any dissemination, use, distribution or copying of this
communication is strictly prohibited and may be unlawful. If you have
received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer. Thank you.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
6:56 a.m.
We don't hide the client secret at all actually as it's generated by the
Keycloak Server. For other secrets that are provided by the user we don't
expose them again.
The client secret is just not returned with the client request. One reason
for this is that a client can have different types of credentials and it's
pluggable. Also, there's no need to expose the secret when retrieving
clients in general (i.e. listing all clients). You can get the secret from
where Marko said, but also from:
realms/REALM_NAME/clients/CLIENT_ID/client-secret
And you can also get it through the client registration services. Take a
look at the docs for that one.
On 5 January 2017 at 17:02, Marko Strukelj <mstrukel(a)redhat.com> wrote:
Admin REST endpoints purposefully hide any passwords. There is an
exception
for client secret - there is an endpoint that will return it to you - the
one used to get a keycloak adapter configuration for a client:
realms/REALM_NAME/clients/ID/installation/providers/
keycloak-oidc-keycloak-json
Try:
keyCloakClient.realm(realmName).clients()
.get(ID_OF_CLIENT).getInstallationProvider("keycloak-oidc-keycloak-json");
On Thu, Jan 5, 2017 at 4:06 PM, Dekel Aslan <dekela(a)perfectomobile.com>
wrote:
> Hello,
> I'm using the Keycloak class and invoking this line:
> String secret = keyCloakClient.realm(realmName).clients().findAll()
> .get(0).getSecret();
> (get(0) gets the client I need)
> but it's always null. For getClientAuthenticatorType() it returns
> "client-secret" as it should, and the UI has the secret in it's
credentials
> tab.
>
> Please advise on how to get the client secret via the object.
>
> Thanks,
> Dekel.
>
> The information contained in this message is proprietary to the sender,
> protected from disclosure, and may be privileged. The information is
> intended to be conveyed only to the designated recipient(s) of the
message.
> If the reader of this message is not the intended recipient, you are
hereby
> notified that any dissemination, use, distribution or copying of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please notify us immediately by
> replying to the message and deleting it from your computer. Thank you.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2660
days inactive
2661
days old
2 comments
3 participants
participants (3)
-
Dekel Aslan -
Marko Strukelj -
Stian Thorgersen