[keycloak-user] How to add Authorization (policies) for public clients in keycloak
Shubham Akodiya
sakodiya at grepruby.com
Thu Nov 22 10:01:26 EST 2018
Hi,
I've one public client 'react' which uses the implicit grant for
authentication. Now I want to secure this app's back-end APIs, and thus need to
apply the authorization (policy, resource) settings. Is there any way to
use the *Authorization* settings for the public client?
As per my understanding, Authorization (policy, resource, scope) settings
do not apply to a *Public (Client Protocol)* client; they are only for a
*Credential (Client Protocol)* client. Now the problem here is that when a user
tries to log in using *credential-keycloak-client*, in that case we need to use
the *client_secret key* in the front-end, which would make the application more
vulnerable.
Let me know if my understanding is incorrect and feel free to share another
approach to resolve this issue.
Thanks,
Shubham Akodiya