[keycloak-user] Initializing keycloak.js without extra request for keycloak.json?

Stian Thorgersen sthorger at redhat.com
Mon Apr 18 01:28:07 EDT 2016


Token-store is for server-side adapter. Public-client is ignored as it will
simply use the presence of secret, but it's pointless to have a
confidential html5 client as the secret would be public. Public key is not
needed for js as it doesn't verify the token, it could, but wouldn't have
much value as the services would do that anyways.

On 15 April 2016 at 17:29, Michael Clayton <mclayton at redhat.com> wrote:

> Thanks, that helps.  I'm happy to go with that approach, but it would
> help me if I understood why most of the values in keycloak.json are not
> needed by keycloak.js.
>
> Are "token-store", "public-client" etc totally ignored by keycloak.js?
> A quick grep suggests that they are ignored.
>
> --
> Michael Clayton
>
> On Fri, Apr 15, 2016 at 07:45:59AM +0200, Stian Thorgersen wrote:
> > You don't need to pass in the whole keycloak.json like this, to
> initialize
> > it without the request for keycloak.json just do:
> >
> >   new Keycloak({
> >     realm: "myReam",
> >     clientId: "myClientId"
> >   }
> >
> > That's it.
> >
> >
> > On 14 April 2016 at 21:59, Michael Clayton <mclayton at redhat.com> wrote:
> >
> > > Hi all,
> > >
> > > I'm integrating keycloak.js with the Red Hat Customer Portal and have a
> > > question about passing a configuration object into the Keycloak()
> > > constructor.
> > >
> > > At the point where I call Keycloak(), I'm attempting to avoid waiting
> > > for the keycloak.json HTTP GET by inlining keycloak.json during a build
> > > step.  By example, my build now produces this:
> > >
> > >     var keycloak = new Keycloak({
> > >         "realm" : "myRealm",
> > >         "realm-public-key" : "myPublicKey",
> > >         "auth-server-url" : "https://keycloak.me/auth",
> > >         "ssl-required" : "external",
> > >         "resource" : "myClientId",
> > >         "public-client" : true,
> > >         "token-store": "cookie"
> > >     });
> > >
> > > I was hoping this would Just Work, but I quickly discovered that some
> of
> > > the properties are "renamed" after the HTTP request:
> > >
> > >     kc.authServerUrl = config['auth-server-url'];
> > >     kc.realm = config['realm'];
> > >     kc.clientId = config['resource'];
> > >     kc.clientSecret = (config['credentials'] || {})['secret'];
> > >
> > > And thus my setup doesn't work because "clientId" doesn't exist inside
> > > keycloak.json.
> > >
> > > My question is: would I be foolish to rename the properties inside
> > > keycloak.json so that the JSON can be passed directly into the Keycloak
> > > constructor?  For example, "resource" becomes "clientId" and
> > > "auth-server-url" becomes "authServerUrl".
> > >
> > > It would be really convenient if I could give keycloak.js the contents
> > > of keycloak.json without having to fret about where it came from (AJAX
> > > or hardcoded or build-inlined).  If others would like that feature too,
> > > I'd happily put together a contribution.
> > >
> > > Thanks for any advice!
> > >
> > > --
> > > Michael Clayton
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160418/d7ac714e/attachment.html 


More information about the keycloak-user mailing list