[keycloak-dev] Getting client secret in rest

Stian Thorgersen sthorger at redhat.com
Fri Jan 6 00:56:50 EST 2017


We don't hide the client secret at all actually as it's generated by the
Keycloak Server. For other secrets that are provided by the user we don't
expose them again.

The client secret is just not returned with the client request. One reason
for this is that a client can have different types of credentials and it's
pluggable. Also, there's no need to expose the secret when retrieving
clients in general (i.e. listing all clients). You can get the secret from
where Marko said, but also from:

realms/REALM_NAME/clients/CLIENT_ID/client-secret

And you can also get it through the client registration services. Take a
look at the docs for that one.

On 5 January 2017 at 17:02, Marko Strukelj <mstrukel at redhat.com> wrote:

> Admin REST endpoints purposefully hide any passwords. There is an exception
> for client secret - there is an endpoint that will return it to you - the
> one used to get a keycloak adapter configuration for a client:
>
> realms/REALM_NAME/clients/ID/installation/providers/keycloak-oidc-keycloak-json
>
> Try:
>
> keyCloakClient.realm(realmName).clients()
> .get(ID_OF_CLIENT).getInstallationProvider("keycloak-oidc-keycloak-json");
>
>
> On Thu, Jan 5, 2017 at 4:06 PM, Dekel Aslan <dekela at perfectomobile.com>
> wrote:
>
> > Hello,
> > I'm using the Keycloak class and invoking this line:
> > String secret = keyCloakClient.realm(realmName).clients().findAll()
> > .get(0).getSecret();
> > (get(0) gets the client I need)
> > but it's always null. For getClientAuthenticatorType() it returns
> > "client-secret" as it should, and the UI has the secret in its
> > credentials tab.
> >
> > Please advise on how to get the client secret via the object.
> >
> > Thanks,
> > Dekel.
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
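
The lookup discussed in this thread, as an added example that is not part of the original messages or Keycloak's own code: it resolves the client's internal id from the list call (whose representation has no secret) and then reads the client-secret endpoint through the Java admin client. The server URL, realm and client names and the KEYCLOAK_ADMIN_PASSWORD variable are placeholders, and the id in the endpoint path is taken to be the client's internal id rather than its clientId.

```java
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;

import java.util.List;

public class ClientSecretLookup {

    /** Returns the secret of the client whose clientId is given. */
    static String fetchClientSecret(Keycloak keycloak, String realmName, String clientId) {
        // The search call returns the representation without the secret
        // (getSecret() on it is null, as reported in the thread), but it
        // carries the internal id needed to address the client resource.
        List<ClientRepresentation> matches =
                keycloak.realm(realmName).clients().findByClientId(clientId);
        if (matches.isEmpty()) {
            throw new IllegalArgumentException("No client with clientId " + clientId);
        }
        ClientRepresentation client = matches.get(0);
        // Credentials are pluggable; only this type has a secret to fetch.
        if (!"client-secret".equals(client.getClientAuthenticatorType())) {
            throw new IllegalStateException("Client does not authenticate with a client secret");
        }

        // GET realms/{realm}/clients/{internal id}/client-secret
        ClientResource resource = keycloak.realm(realmName).clients().get(client.getId());
        CredentialRepresentation credential = resource.getSecret();
        return credential.getValue();
    }

    public static void main(String[] args) {
        // Placeholder connection values (assumptions): substitute your own.
        Keycloak keycloak = Keycloak.getInstance(
                "http://localhost:8080/auth", "master",
                "admin", System.getenv("KEYCLOAK_ADMIN_PASSWORD"), "admin-cli");
        try {
            String secret = fetchClientSecret(keycloak, "demo-realm", "demo-client");
            // Keep the secret out of logs and console output.
            System.out.println("Fetched secret of length " + secret.length());
        } finally {
            keycloak.close();
        }
    }
}
```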

