It's because of the "bearer-only" nature of your client. Only the token is
verified. In some cases it could use the 'resource' property if for
instance "use-resource-role-mappings" is used (
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-co...)
On Wed, Aug 9, 2017 at 9:57 AM, Marc Destefanis <marc.destefanis(a)easytrust.com> wrote:
Hi,
I don't understand how the < resource > attribute from the keycloak.json
is bound to a client. I'll explain the case I face:
In my WAR I have a keycloak.json which contains the value < WS > on the <
resource > attribute.
I've previously created a < GUI > client that allows me to generate a
token and a < WS > client with a bearer-only access type that I use to
secure my WARs.
Everything works fine, my WARs are secured and I'm able to request the web
services with the token generated with the GUI client.
BUT,
If I change the < resource > attribute value with a client name which
doesn't exist it still works.
I can set the < resource > attribute to < anyThing > or < oneTwoThree >
etc. and it still works even if I didn't create these clients.
I was expecting an error like < the client oneTwoThree doesn't exist > or
something else when I request a web service secured in a WAR with a non
existing resource value in the keycloak.json file.
Is it normal behavior?
Did I misunderstand something, or do I have an issue?
Regards,
Marc Destefanis.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user