[keycloak-dev] Credentials in javascript adapter

Jon Koops jonkoops at gmail.com
Thu Nov 7 07:55:23 EST 2019 

 We recently also deprecated non-native promises with the intent to remove
this behavior in the future. Would it not then make sense to deprecate this
behavior now and remove it eventually? Especially considering this behavior
is not very secure and just adds extra cruft to the adapter code.

On Thu, Nov 7, 2019 at 1:51 PM Stian Thorgersen <sthorger at redhat.com> wrote:

> It might be there from the early days when we didn't have public clients.
> I'd probably just keep it in case someone is using it with a confidential
> client as removing it would break it for them. Although strictly speaking
> you shouldn't use a confidential client with a client-side app.
>
> On Thu, 7 Nov 2019 at 07:42, Michal Hajas <mhajas at redhat.com> wrote:
>
> > Hello,
> >
> > in Javascript adapter we have a possibility to configure a client secret
> > [1] in order to use Basic authorization for requests for token endpoint
> > [2]. I haven't found any information in docs about it and I don't
> > understand why we have it there as public clients don't have secrets. Is
> > this useful in some scenarios or we should remove it?
> >
> > Michal
> >
> > [1]
> >
> >
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882
> > &
> > <
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882&
> >
> >
> >
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L866
> >
> > [2]
> >
> >
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617
> > &
> > <
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617&
> >
> >
> >
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L732
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list