Keycloak-js confidential client (as negative example!)

BenjaminHae · December 13, 2019, 7:53am

Hi,

I’m trying to set up a demo application for “how not to do oauth/oidc”.
It’s a react application with keycloak-js. Is it possible to force it to act as a confidential client?
Are there some parameters I can pass to keycloak.init?

I now that a SPA can not keep secrets, this is only a bad example to help understand oidc

Thanks
Benjamin

mhajas · December 13, 2019, 9:50am

Hello,

this was possible some time ago, but it was removed for security reasons. It was removed in this PR: https://github.com/keycloak/keycloak/pull/6454. Jira says it was fixed in 8.0.0 so before this version it should be working.

Michal

Topic		Replies	Views
How do you use keycloak for providing authentication? Getting advice authentication	3	353	March 27, 2024
Basic Keycloak Auth System with React + NodeJS Securing applications authentication , identity-brokering , oidc	0	1138	February 19, 2021
Keycloak Public facing Getting advice admin-console , authentication , oidc	0	534	April 14, 2020
Securing Speing Boot RESTful API and React JS Getting advice	4	1088	May 21, 2020
Keycloak Authorization Issue with JS and Python Securing applications oidc	1	471	April 12, 2023

Keycloak-js confidential client (as negative example!)

Related Topics