I’m trying to set up a demo application for “how not to do oauth/oidc”.
It’s a react application with
keycloak-js. Is it possible to force it to act as a confidential client?
Are there some parameters I can pass to
I now that a SPA can not keep secrets, this is only a bad example to help understand oidc