I believe you're missing an important step from the docs. The docs
state that JavaScript clients should be configured as public clients.
I don't think it's a good idea to store a client secret in web apps,
it's really unsafe.
On Fri, Nov 2, 2018 at 4:28 AM Bruce Wings <testoauth55(a)gmail.com> wrote:
I am referring to the Keycloak JavaScript adapter as mentioned in:
https://www.keycloak.org/docs/4.5/securing_apps/index.html#_javascript_ad...
I have a confidential client and I have downloaded keycloak-oidc.json
containing the client secret. Now I am not sure how secure it is to keep this
file containing the client-secret on the client side.
Am I being overly concerned?
--
- abstractj
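
Added example, not part of the original thread and not Keycloak's own code: a pre-deployment check that rejects an adapter config file if it still carries confidential-client credentials or is not marked as a public client. The function name, realm, URL, client id and secret value are constructed placeholders; the JSON keys follow the Keycloak OIDC installation file layout.

```javascript
// Constructed sample: installation JSON downloaded for a confidential client.
const confidentialConfig = JSON.stringify({
  realm: "demo",
  "auth-server-url": "https://sso.example.test/auth",
  resource: "my-spa",
  credentials: { secret: "00000000-placeholder-secret" },
});

// Constructed sample: the same client reconfigured as a public client.
const publicConfig = JSON.stringify({
  realm: "demo",
  "auth-server-url": "https://sso.example.test/auth",
  resource: "my-spa",
  "public-client": true,
});

// Hypothetical helper: audit the text of a keycloak.json that will be
// served to browsers. Returns { ok, findings }; findings never contain
// credential values, only the key names that were found.
function auditAdapterConfig(jsonText) {
  let config;
  try {
    config = JSON.parse(jsonText);
  } catch (err) {
    return { ok: false, findings: ["config is not valid JSON"] };
  }
  if (config === null || typeof config !== "object" || Array.isArray(config)) {
    return { ok: false, findings: ["config is not a JSON object"] };
  }

  const findings = [];
  const creds = config.credentials;
  if (creds && typeof creds === "object" && Object.keys(creds).length > 0) {
    // Anything in a file the browser downloads is readable by every user.
    findings.push("credentials present: " + Object.keys(creds).join(", "));
  }
  if (config["public-client"] !== true) {
    findings.push('"public-client": true is missing');
  }
  return { ok: findings.length === 0, findings };
}

console.log(auditAdapterConfig(confidentialConfig));
console.log(auditAdapterConfig(publicConfig));
```
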