On Nov 3, 2018, at 2:06 AM, Geoffrey Cleaves <geoff(a)opticks.io>
wrote:
Bruce, here's how I fixed the issue you're describing. I think it's a
unfortunate omission in the docs (which are generally quite good). You need to include the
backend client ID in the front end clients aud claim.
https://bitbucket.org/snippets/gcleaves/5ebB58/sso-keycloak
<
https://bitbucket.org/snippets/gcleaves/5ebB58/sso-keycloak>
On Sat, Nov 3, 2018, 01:45 Bruce Wings <testoauth55(a)gmail.com
<mailto:testoauth55@gmail.com> wrote:
Thanks Eric for the reply.
But If I use a separate public client for my angular app, I am not able to
access my Rest Api with the generated token, that's why I had to use
confidential client Json that I used to secure my server. Any idea, what is
the right approach in case of server client architecture?
( My project contains Rest Apis that I have secured with jetty adapter and
confidential client ( as keycloak Authorization works only for confidential
client and not public clients). My angular app is accessing these rest api.
Therefore I used the same confidential client oidc Json in my angular app
too. )
On Friday, November 2, 2018, Eric Boyd Ramirez <eric.ramirez.sv(a)gmail.com
<mailto:eric.ramirez.sv@gmail.com>>
wrote:
> Hi Bruce,
> I am fairly new to Keycloak myself, so I am giving my opinion in hopes
> some else can double check.
> The JS adapter is designed to work with Public clients, siting on the the
> client side, the idea is that the a user/person would have to enter his/her
> credentials to in order to login.
>
> Confidential clients generate an installation JSON or XML configuration
> object which is meant to be installed on the server side/ Application
> server. The user accessing this application does not receive this
> configuration.
>
> Hope this helps.
>
> > On Nov 2, 2018, at 1:28 AM, Bruce Wings <testoauth55(a)gmail.com
<mailto:testoauth55@gmail.com>> wrote:
> >
> > I am referring to Keycloak Javascript adapter as mentioned in :
> >
https://www.keycloak.org/docs/4.5/securing_apps/index.html#_
<
https://www.keycloak.org/docs/4.5/securing_apps/index.html#_>
> javascript_adapter
> >
> > I have a confidential client and I have downloaded keycloak-oidc.json
> > containing client secret. Now I am not sure how secure is it to keep this
> > file containing client-secret at the client side.
> >
> > Am I being over concerned?
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
<
https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<
https://lists.jboss.org/mailman/listinfo/keycloak-user>