Re: [keycloak-user] Token validation and public client
Hi,
From the docs:
"Only confidential clients are allowed to invoke the new endpoint, "
https://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_...
[the new endpoint] -->
/realms/{realm}/protocols/openid-connect/token/introspect
But the project :
https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/gr...
Is using public client approach ^ [username, password, no client-secret
etc...]
Any suggestion on this ?
Thanks !
On Mon, Apr 25, 2016 at 7:14 PM, Helio Frota <00hf11(a)gmail.com> wrote:
Hi Bruno,
I'm trying to validate an access token:
https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/gr...
Thanks for the feedback !
On Mon, Apr 25, 2016 at 6:49 PM, Bruno Oliveira <bruno(a)abstractj.org>
wrote:
> It sounds like there's some misconception here. Does not make sense to
> have a public client with client secret configured.
>
> Could you please elaborate more, what exactly are you trying to do? And
> I would really appreciate if you share more details.
>
> On 2016-04-25, Helio Frota wrote:
> > Hi,
> >
> > I found a shell script to use the new introspection path to do token
> > validation:
> > http://lists.jboss.org/pipermail/keycloak-user/2016-April/005869.html
> >
> > I'm using public client and by removing :
> >
> > KC_CLIENT_SECRET=a-test-client-credental
> >
> > The result is:
> >
> > {"error_description":"Authentication
failed.","error":"invalid_request"}
> >
> > It is possible to use validation token for public clients ?
> >
> > Thanks!
>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
>
Attachments:
- attachment.html (text/html — 3.5 KB)