[keycloak-dev] Credentials in javascript adapter
Jon Koops
jonkoops at gmail.com
Thu Nov 7 08:00:37 EST 2019
Sure, how about I whip a PR much like this one
<https://github.com/keycloak/keycloak/pull/6318>. Would that be acceptable?
On Thu, Nov 7, 2019 at 1:57 PM Stian Thorgersen <sthorger at redhat.com> wrote:
> That'd work. As it's not documented we can probably instead just log a
> warning to the console?
>
> On Thu, 7 Nov 2019 at 13:55, Jon Koops <jonkoops at gmail.com> wrote:
>
>> We recently also deprecated non-native promises with the intent to remove
>> this behavior in the future. Would it not then make sense to deprecate this
>> behavior now and remove it eventually? Especially considering this behavior
>> is not very secure and just adds extra cruft to the adapter code.
>>
>> On Thu, Nov 7, 2019 at 1:51 PM Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> It might be there from the early days when we didn't have public clients.
>>> I'd probably just keep it in case someone is using it with a confidential
>>> client as removing it would break it for them. Although strictly speaking
>>> you shouldn't use a confidential client with a client-side app.
>>>
>>> On Thu, 7 Nov 2019 at 07:42, Michal Hajas <mhajas at redhat.com> wrote:
>>>
>>> > Hello,
>>> >
>>> > in Javascript adapter we have a possibility to configure a client
>>> secret
>>> > [1] in order to use Basic authorization for requests for token endpoint
>>> > [2]. I haven't found any information in docs about it and I don't
>>> > understand why we have it there as public clients don't have secrets.
>>> Is
>>> > this useful in some scenarios or we should remove it?
>>> >
>>> > Michal
>>> >
>>> > [1]
>>> >
>>> >
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882
>>> > &
>>> > <
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882&
>>> >
>>> >
>>> >
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L866
>>> >
>>> > [2]
>>> >
>>> >
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617
>>> > &
>>> > <
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617&
>>> >
>>> >
>>> >
>>> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L732
>>> > _______________________________________________
>>> > keycloak-dev mailing list
>>> > keycloak-dev at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>> >
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
More information about the keycloak-dev
mailing list