[keycloak-dev] /tokens/access/codes now uses Basic Auth
Bill Burke
bburke at redhat.com
Fri Feb 21 08:48:32 EST 2014
On 2/21/2014 3:18 AM, Marek Posolda wrote:
> On 20.2.2014 23:26, Bill Burke wrote:
>> Since we're using client secret now to authenticate clients, I changed
>> the protocol to use Basic Auth as per the OAuth and OpenId Connect
>> specs. I updated the javascript adapter to use basic auth (I think),
>> but I don't have an app to test against.
>>
>>
>> P.S.
>>
>> I hear Marek laughing and/or cursing at me in the background...
> You say that:-)
> For JS apps, we may also need to test cors, which I mentioned in
> https://issues.jboss.org/browse/KEYCLOAK-328
>
> Isn't the app here
> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/customer-app-js
> ?
>
BTW, looking at OpenID connect there are multiple options you can
configure for client authentication, Basic Auth is only one of them.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list