Re: [keycloak-user] Keycloak Javascript Adapter - Advisable to be used for confidential clients?

Friday, 2 November 2018

Hi Bruce,
I am fairly new to Keycloak myself, so I am giving my opinion in hopes some else can
double check. 
The JS adapter is designed to work with Public clients, siting on the the client side, the
idea is that the a user/person would have to enter his/her credentials to in order to
login.

Confidential clients generate an installation JSON or XML configuration object which is
meant to be installed on the server side/ Application server. The user accessing this
application does not receive this configuration.    

Hope this helps.

...
 On Nov 2, 2018, at 1:28 AM, Bruce Wings <testoauth55(a)gmail.com&gt;
wrote:

 I am referring to Keycloak Javascript adapter as mentioned in :
 https://www.keycloak.org/docs/4.5/securing_apps/index.html#_javascript_ad...

 I have a confidential client and I have downloaded keycloak-oidc.json
 containing client secret. Now I am not sure how secure is it to keep this
 file containing client-secret at the client side.

 Am I being over concerned?
 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user 

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Keycloak Javascript Adapter - Advisable to be used for confidential clients?