Client Secret Retrieval via Keycloak Web Interface

Hi all,

It was found that the user interface correctly masks the defined client secret and does not allow for retrieval at a later point of time. However, when inspecting the server response, the client secret is included in clear-text. This indicates unintended exposure and insufficient implementation of the masking feature.

How can I mitigate this?