[keycloak-dev] Credentials in javascript adapter

Stan Silvert ssilvert at redhat.com
Fri Nov 15 12:15:53 EST 2019 

On 11/15/2019 9:05 AM, Stian Thorgersen wrote:
> The account console should be a confidential client as it is there for 
> the old account console.
>
> Instead you should create a new client for the new account console.
Sigh.  That's definitely not the answer I was hoping for.

>
> On Fri, 15 Nov 2019 at 14:03, Stan Silvert <ssilvert at redhat.com 
> <mailto:ssilvert at redhat.com>> wrote:
>
>     On 11/7/2019 7:46 AM, Stian Thorgersen wrote:
>     > It might be there from the early days when we didn't have public
>     clients.
>     > I'd probably just keep it in case someone is using it with a
>     confidential
>     > client as removing it would break it for them. Although strictly
>     speaking
>     > you shouldn't use a confidential client with a client-side app.
>     There is something else left over from when we didn't have public
>     clients.  The account console is still a confidential client.
>
>     With this latest change in the javascript adapter, the new account
>     console is broken.  (Both old and new account console use the same
>     client definition)
>
>     Does anyone have an issue with changing the (old and new) account
>     console to a public client?
>
>     >
>     > On Thu, 7 Nov 2019 at 07:42, Michal Hajas <mhajas at redhat.com
>     <mailto:mhajas at redhat.com>> wrote:
>     >
>     >> Hello,
>     >>
>     >> in Javascript adapter we have a possibility to configure a
>     client secret
>     >> [1] in order to use Basic authorization for requests for token
>     endpoint
>     >> [2]. I haven't found any information in docs about it and I don't
>     >> understand why we have it there as public clients don't have
>     secrets. Is
>     >> this useful in some scenarios or we should remove it?
>     >>
>     >> Michal
>     >>
>     >> [1]
>     >>
>     >>
>     https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882
>     >> &
>     >>
>     <https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L882&>
>     >>
>     >>
>     https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L866
>     >>
>     >> [2]
>     >>
>     >>
>     https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617
>     >> &
>     >>
>     <https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L617&>
>     >>
>     >>
>     https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js#L732
>     >> _______________________________________________
>     >> keycloak-dev mailing list
>     >> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     >>
>     > _______________________________________________
>     > keycloak-dev mailing list
>     > keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>

More information about the keycloak-dev mailing list