[keycloak-dev] /tokens/access/codes now uses Basic Auth

Bill Burke bburke at redhat.com
Fri Feb 21 08:48:32 EST 2014

On 2/21/2014 3:18 AM, Marek Posolda wrote:
> On 20.2.2014 23:26, Bill Burke wrote:
>> Since we're using client secret now to authenticate clients, I changed
>> the protocol to use Basic Auth as per the OAuth and OpenId Connect
>> specs.  I updated the javascript adapter to use basic auth (I think),
>> but I don't have an app to test against.
>> P.S.
>> I hear Marek laughing and/or cursing at me in the background...
> You say that:-)
> For JS apps, we may also need to test cors, which I mentioned in
> https://issues.jboss.org/browse/KEYCLOAK-328
> Isn't the app here
> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/customer-app-js
> ?

BTW, looking at OpenID connect there are multiple options you can 
configure for client authentication, Basic Auth is only one of them.

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-dev mailing list