How to create bearer-only clients in the 19.0.1 Web UI?


Chris Poulsen

Aug 11, 2022, 2:01:56 PM
to Keycloak User
Hi

We're in the process of verifying an upgrade from Keycloak 15 to 19.

I'm unable to figure out how to create bearer-only oidc clients through the UI.

Previously there was a drop-down with public/confidential/bearer-only type selection, now I can only find an enable/disable toggle that switches between public and confidential.

It is still possible to create a bearer-only client programmatically - But I can't see any way to create it through the UI anymore. (Have looked through the docs etc.)

Is this a bug or can someone point me in the right direction?

Thanks!
-- 
Chris

Erik Jan de Wit

Aug 12, 2022, 10:29:25 AM
to Keycloak User
This has been deprecated, and in the new UI you can now only view bearer-only clients.

C R

Aug 12, 2022, 10:48:28 AM
to Erik Jan de Wit, Keycloak User
Hi Erik,

Can you expand on this? Does this mean that bearer-only clients are
bad practice? Is there another reason?
Bearer-only looks to me like a good solution when you don't want your
application to start a login (like a backend REST API). Nothing stops
these clients from using the introspection endpoint if desired.

Regards,

CR


Stan Silvert

Aug 14, 2022, 3:54:29 PM
to Keycloak User

I know it's a little weird, but we have removed bearer-only clients from the new admin console. If you have a bearer-only client created with the old admin console, it will still show up in the new console, but you will not be able to change its access type.

To create the equivalent of a bearer-only client in the new admin console, just uncheck all the Authentication flows.

You can learn more about the rationale for this here:
https://groups.google.com/g/keycloak-dev/c/dvgDVYn1P2E/m/VjkFF2DUAQAJ?pli=1
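An added example, not part of the thread or of Keycloak itself: a small audit over a realm export that reports which clients match the "all Authentication flows unchecked" setup described in the reply above, which are legacy bearer-only clients, and which can still obtain tokens. It assumes the flow checkboxes map to the `ClientRepresentation` booleans and the two client attributes listed in the code; the labels, function names and sample export are constructed for illustration.

```python
import json

# ClientRepresentation booleans behind the admin console's flow checkboxes.
FLOW_FLAGS = {
    "standardFlowEnabled": "standard flow",
    "implicitFlowEnabled": "implicit flow",
    "directAccessGrantsEnabled": "direct access grants",
    "serviceAccountsEnabled": "service accounts",
}
# Flows assumed to be stored as string attributes instead of top-level booleans.
FLOW_ATTRIBUTES = {
    "oauth2.device.authorization.grant.enabled": "device authorization grant",
    "oidc.ciba.grant.enabled": "CIBA grant",
}

def enabled_flows(client):
    # Assumption: a missing boolean counts as enabled, so an incomplete
    # representation is never reported as locked down.
    flows = [name for key, name in FLOW_FLAGS.items() if client.get(key, True)]
    attrs = client.get("attributes") or {}
    flows += [name for key, name in FLOW_ATTRIBUTES.items()
              if str(attrs.get(key, "false")).lower() == "true"]
    return flows

def audit(export):
    """Map each clientId to (label, enabled flows) for a realm export dict."""
    report = {}
    for client in export.get("clients", []):
        flows = enabled_flows(client)
        # The legacy bearerOnly flag wins over the flow flags stored beside it.
        label = ("legacy bearer-only" if client.get("bearerOnly") else
                 "can obtain tokens" if flows else "bearer-only equivalent")
        report[client["clientId"]] = (label, flows)
    return report

# Constructed sample input, not taken from a real realm.
SAMPLE_EXPORT = json.loads("""{"clients": [
 {"clientId": "orders-api", "bearerOnly": false, "standardFlowEnabled": false,
  "implicitFlowEnabled": false, "directAccessGrantsEnabled": false,
  "serviceAccountsEnabled": false},
 {"clientId": "legacy-api", "bearerOnly": true, "standardFlowEnabled": true,
  "implicitFlowEnabled": false, "directAccessGrantsEnabled": false,
  "serviceAccountsEnabled": false},
 {"clientId": "reports-api", "bearerOnly": false, "standardFlowEnabled": false,
  "implicitFlowEnabled": false, "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": false,
  "attributes": {"oauth2.device.authorization.grant.enabled": "true"}}]}""")

if __name__ == "__main__":
    for client_id, (label, flows) in audit(SAMPLE_EXPORT).items():
        print(f"{client_id}: {label} {flows}")
```

Clients labelled "can obtain tokens" are the ones to review when the intent is an API that only validates bearer tokens it receives.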

Chris Poulsen

Aug 15, 2022, 1:21:49 AM
to Keycloak User
Thank you for the explanation / link.

I can't say that I feel it is an improvement to be presented with a huge number of fields in the UI that do nothing in the case of a client with no auth flows - and the fact that the old clients are still there with another UI screen does not really help either - but at least it seems like there is a way to move forward.

-- 
Chris

C R

Aug 16, 2022, 6:32:55 AM
to Stan Silvert, Keycloak User
Thank you, Stan. Much appreciated.

CR