[keycloak-dev] why authenticate clients?

Bill Burke bburke at redhat.com
Mon Mar 3 09:52:25 EST 2014



On 3/3/2014 4:33 AM, Stian Thorgersen wrote:
> Not sure what you're proposing. Are you saying that we shouldn't authenticate clients at all?
>

Not proposing anything.  Our pure-javascript/html5 adapter is a public 
client.  I'm just saying that in that case, it's just as secure as a 
confidential client if you use SSL.  It also helps in cases where it's 
difficult to distribute/store client secrets, i.e. in the multi-tenant 
case that Travis (a keycloak user) has been talking about on the user list.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

