[keycloak-user] Keycloak Javascript Adapter - Advisable to be used for confidential clients?

Eric Boyd Ramirez eric.ramirez.sv at gmail.com
Fri Nov 2 12:51:39 EDT 2018


Hi Bruce,
I am fairly new to Keycloak myself, so I am giving my opinion in hopes someone else can double check.
The JS adapter is designed to work with Public clients, sitting on the client side; the idea is that a user/person would have to enter his/her credentials in order to log in.

Confidential clients generate an installation JSON or XML configuration object which is meant to be installed on the server side/application server. The user accessing this application does not receive this configuration.

Hope this helps.

> On Nov 2, 2018, at 1:28 AM, Bruce Wings <testoauth55 at gmail.com> wrote:
> 
> I am referring to Keycloak Javascript adapter as mentioned in:
> https://www.keycloak.org/docs/4.5/securing_apps/index.html#_javascript_adapter
> 
> I have a confidential client and I have downloaded keycloak-oidc.json
> containing client secret. Now I am not sure how secure is it to keep this
> file containing client-secret at the client side.
> 
> Am I being over concerned?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
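
Added example, not part of the original thread and not Keycloak's own code: a pre-deployment check that flags an adapter JSON file containing a client secret before it is published alongside browser code. The field names (`public-client`, `credentials`, `bearer-only`) are those of the Keycloak OIDC installation JSON; the function name, realm, URL and secret value are constructed for illustration.

```javascript
// Audit a Keycloak OIDC adapter JSON that is about to be served to browsers.
// Returns a list of findings; an empty list means nothing objectionable was found.
function auditBrowserAdapterConfig(jsonText) {
  let cfg;
  try {
    cfg = JSON.parse(jsonText);
  } catch (err) {
    return ["not valid JSON: " + err.message];
  }
  if (cfg === null || typeof cfg !== "object" || Array.isArray(cfg)) {
    return ["top level is not a JSON object"];
  }
  const findings = [];
  // A confidential client export carries "credentials": {"secret": "..."}.
  const creds = cfg.credentials;
  if (creds && typeof creds === "object" && Object.keys(creds).length > 0) {
    findings.push("credentials present (" + Object.keys(creds).join(", ") +
      "): any file served to the browser is readable by every user");
  }
  // A public client export carries "public-client": true and no credentials.
  if (cfg["public-client"] !== true) {
    findings.push('"public-client" is not true: looks like a confidential client export');
  }
  // bearer-only configs belong to backend services that never start a login.
  if (cfg["bearer-only"] === true) {
    findings.push('"bearer-only" is true: config is meant for a backend service');
  }
  return findings;
}

// Constructed sample inputs (placeholder realm, host and secret).
const CONFIDENTIAL_SAMPLE = JSON.stringify({
  realm: "demo",
  "auth-server-url": "https://sso.example.test/auth",
  "ssl-required": "external",
  resource: "my-app",
  credentials: { secret: "00000000-0000-0000-0000-000000000000" }
});
const PUBLIC_SAMPLE = JSON.stringify({
  realm: "demo",
  "auth-server-url": "https://sso.example.test/auth",
  "ssl-required": "external",
  resource: "my-spa",
  "public-client": true
});

for (const [name, text] of [["confidential", CONFIDENTIAL_SAMPLE], ["public", PUBLIC_SAMPLE]]) {
  console.log(name, auditBrowserAdapterConfig(text));
}
```
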



