[keycloak-user] Token validation and public client
Helio Frota
00hf11 at gmail.com
Tue Apr 26 14:34:04 EDT 2016
Hi,
>From the docs:
"Only confidential clients are allowed to invoke the new endpoint, "
https://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4084
[the new endpoint] -->
/realms/{realm}/protocols/openid-connect/token/introspect
But the project :
https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js
Is using public client approach ^ [username, password, no client-secret
etc...]
Any suggestion on this ?
Thanks !
On Mon, Apr 25, 2016 at 7:14 PM, Helio Frota <00hf11 at gmail.com> wrote:
> Hi Bruno,
>
> I'm trying to validate an access token:
>
>
> https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/grant-manager.js#L260
>
> Thanks for the feedback !
>
>
>
>
> On Mon, Apr 25, 2016 at 6:49 PM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
>
>> It sounds like there's some misconception here. Does not make sense to
>> have a public client with client secret configured.
>>
>> Could you please elaborate more, what exactly are you trying to do? And
>> I would really appreciate if you share more details.
>>
>> On 2016-04-25, Helio Frota wrote:
>> > Hi,
>> >
>> > I found a shell script to use the new introspection path to do token
>> > validation:
>> > http://lists.jboss.org/pipermail/keycloak-user/2016-April/005869.html
>> >
>> > I'm using public client and by removing :
>> >
>> > KC_CLIENT_SECRET=a-test-client-credental
>> >
>> > The result is:
>> >
>> > {"error_description":"Authentication failed.","error":"invalid_request"}
>> >
>> > It is possible to use validation token for public clients ?
>> >
>> > Thanks!
>>
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> --
>>
>> abstractj
>> PGP: 0x84DC9914
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160426/0cd9d9b2/attachment-0001.html
More information about the keycloak-user
mailing list