Need to handle secret id via angular app from frontend for access type = confidential
430 views
Skip to first unread message
chetan Sharma (CHEKS)
Jan 16, 2024, 1:57:22 AM1/16/24
to Keycloak User
Hello. This is a question about sending client secret id in credentials section via angular app
Previously we are using keycloak-angular: 2.0.1 version in which we can easily send credentials: { secret id: "" } via keycloak config object.
But after updating the version of keycloak-angular from 2.0.1 to 13.1.0 we are not able to send secret id from frontend side via angular application.
But after updating the version of keycloak-angular from 2.0.1 to 13.1.0 we are not able to send secret id from frontend side via angular application.
its working fine for access type = public we can get access token easily but for
access type = confidential we are getting error.
kindly suggest how we need to handle the access type = confidential from frontend as its required secret id. and we are not able to send secret id from our angular app.
Thanks in advance for your tips.
Best Regards
chetan kr. sharma
Best Regards
chetan kr. sharma
Jon Koops
Jan 16, 2024, 4:54:38 AM1/16/24
to chetan Sharma (CHEKS), Keycloak User
Confidential clients are considered insecure, and are no longer supported by Keycloak JS, and by extension Keycloak Angular. They are considered insecure, as they require storing a secret on the client, which can be compromised and stolen. For web and native apps it is recommended to use public clients only.
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/aa53b486-985e-4910-bd55-fdf02c62f281n%40googlegroups.com.
C R
Jan 18, 2024, 10:37:52 AM1/18/24
to chetan Sharma (CHEKS), Keycloak User
The user can get the secret by pressing F12 and having a look. Apps
that run on the client are public clients, not confidential.
C.
Le mar. 16 janv. 2024 à 07:57, chetan Sharma (CHEKS)
<cheta...@gmail.com> a écrit :
that run on the client are public clients, not confidential.
C.
Le mar. 16 janv. 2024 à 07:57, chetan Sharma (CHEKS)
<cheta...@gmail.com> a écrit :
chetan Sharma
Jan 25, 2024, 3:14:57 AM1/25/24
to Keycloak User
Hi Team ,
Have one more issue like after local:4200 I don't want to go on keycloak login page directly first I want to go on some module then after on click of button in that module I want to go on keycloak login page.
Is there any way of yes then kindly help !!
Best regards
Chetan
--
Reply all
Reply to author
Forward
0 new messages