I didn't think there was, but I had to check.
I have a module that I have to use that authenticates a user. So when a user goes to a
UI, they will be required to authenticate with this. It validates that they are who they
are. From there the UI (pure JS) would call an application that is secured with Keycloak
so the request needs a token to access it. A lot of our application to application calls
are set up as clients with confidential access, so the application is what the ticket is
for, not the user using the application. Make sense?
________________________________
From: Stian Thorgersen <sthorger(a)redhat.com>
Sent: Monday, January 9, 2017 3:46 AM
To: Matt H
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Get token for JS UI
No, of course there isn't. A JS app runs entirely within the users browser.
Can you explain what you're actually trying to achieve? I don't get it.
On 6 January 2017 at 16:29, Matt H
<tsdgcc2087@outlook.com<mailto:tsdgcc2087@outlook.com>> wrote:
I have a situation where I need my javascript UI (all client side) to obtain a token from
Keycloak. The token would not be specific to the user but for the UI itself. Looking at
the documentation for the Javascript Adapter, it appears that it only works for getting a
token for the user and is a public access type. Is it possible to get a token for the UI
and treat the UI as a confidential client? It would need to then have a secret key,
right? Is there a good way to store that secret key so that it can't be read by users
who just browse the source from their browser?
The reason for doing this is I have another authentication engine that is used to access
the UI. The users would then not have an account in Keycloak.
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user