[keycloak-dev] Credentials in javascript adapter

Stian Thorgersen sthorger at redhat.com
Thu Nov 7 07:46:36 EST 2019


It might be there from the early days when we didn't have public clients.
I'd probably just keep it in case someone is using it with a confidential
client as removing it would break it for them. Although strictly speaking
you shouldn't use a confidential client with a client-side app.

On Thu, 7 Nov 2019 at 07:42, Michal Hajas <mhajas at redhat.com> wrote:

> Hello,
>
> in the JavaScript adapter we have the possibility to configure a client secret
> [1] in order to use Basic authorization for requests to the token endpoint
> [2]. I haven't found any information in the docs about it, and I don't
> understand why we have it there, as public clients don't have secrets. Is
> this useful in some scenarios, or should we remove it?
>
> Michal
>
> [1]
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882
> &
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L866
>
> [2]
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617
> &
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L732
>
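
The two token-request shapes discussed in this thread, as an added example that is not part of the original messages and not code from keycloak.js: a request with a client secret uses HTTP Basic client authentication, a public client only sends `client_id`, and a review check shows that any secret shipped to the browser can be read back from the request. Function names and all sample values are constructed for illustration.

```javascript
// Added illustration; not code from keycloak.js. All names and values are constructed.

// Build headers and form body for an authorization-code token request.
// With a secret: HTTP Basic client authentication (confidential client).
// Without one: client_id is sent in the body (public client).
function buildTokenRequest({ clientId, clientSecret, code, redirectUri }) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (clientSecret) {
    headers.Authorization = 'Basic ' + btoa(clientId + ':' + clientSecret);
  } else {
    body.set('client_id', clientId);
  }
  return { headers, body: body.toString() };
}

// Review check: does a request issued by browser-side code carry a client secret?
// Base64 is an encoding, not encryption, so whatever the page puts in the header
// is readable by anyone who can inspect the page's script or network traffic.
function findExposedClientSecret(request) {
  const auth = request.headers.Authorization || '';
  if (auth.startsWith('Basic ')) {
    const decoded = atob(auth.slice('Basic '.length));
    const sep = decoded.indexOf(':');
    if (sep > 0 && sep < decoded.length - 1) {
      return { via: 'basic-header', clientId: decoded.slice(0, sep), secret: decoded.slice(sep + 1) };
    }
  }
  const form = new URLSearchParams(request.body);
  if (form.has('client_secret')) {
    return { via: 'form-body', clientId: form.get('client_id'), secret: form.get('client_secret') };
  }
  return null;
}

// Constructed sample input.
const sample = { clientId: 'demo-spa', code: 'constructed-code', redirectUri: 'https://app.example/cb' };
const confidential = buildTokenRequest({ ...sample, clientSecret: 'constructed-secret' });
const publicClient = buildTokenRequest(sample);
console.log(findExposedClientSecret(confidential));
console.log(findExposedClientSecret(publicClient));
```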

