[keycloak-dev] Credentials in javascript adapter
Stian Thorgersen
sthorger at redhat.com
Thu Nov 7 07:57:16 EST 2019
That'd work. As it's not documented we can probably instead just log a
warning to the console?
On Thu, 7 Nov 2019 at 13:55, Jon Koops <jonkoops at gmail.com> wrote:
> We recently also deprecated non-native promises with the intent to remove
> this behavior in the future. Would it not then make sense to deprecate this
> behavior now and remove it eventually? Especially considering this behavior
> is not very secure and just adds extra cruft to the adapter code.
>
> On Thu, Nov 7, 2019 at 1:51 PM Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> It might be there from the early days when we didn't have public clients.
>> I'd probably just keep it in case someone is using it with a confidential
>> client as removing it would break it for them. Although strictly speaking
>> you shouldn't use a confidential client with a client-side app.
>>
>> On Thu, 7 Nov 2019 at 07:42, Michal Hajas <mhajas at redhat.com> wrote:
>>
>> > Hello,
>> >
>> > in Javascript adapter we have a possibility to configure a client secret
>> > [1] in order to use Basic authorization for requests for token endpoint
>> > [2]. I haven't found any information in docs about it and I don't
>> > understand why we have it there as public clients don't have secrets. Is
>> > this useful in some scenarios or we should remove it?
>> >
>> > Michal
>> >
>> > [1]
>> >
>> >
>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882
>> > &
>> > <
>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882&
>> >
>> >
>> >
>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L866
>> >
>> > [2]
>> >
>> >
>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617
>> > &
>> > <
>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617&
>> >
>> >
>> >
>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L732
>> > _______________________________________________
>> > keycloak-dev mailing list
>> > keycloak-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> >
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
More information about the keycloak-dev
mailing list