I’m just starting out in my keycloak journey but I found something that looked very dubious to me. I create a client for my realm, users etc and tested this authorised my app ok - which it did just fine. Let’s say my client id was called OLD_NAME I then changed the id to NEW_NAME in Keycloak admin and tried again. I was able to login by passing a client_id of either OLD_NAME or NEW_NAME. I did not expect that, surely if I changed the Client Id, then old id should no longer work correctly ? Does Keycloak do some sort of caching of Client IDs?
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Change client id on angular app without logout/login | 0 | 700 | September 29, 2021 | |
| Change user id in keycloack | 0 | 623 | May 20, 2022 | |
| Difference between Keycloak 16.1 and 12.0.4: "Invalid client credentials" for public client while the same request works without problems for 12.0.4 | 4 | 14756 | January 14, 2022 | |
| Should I use the same client_id between application, keycloak as broker and Keycloak as IDP? | 2 | 566 | April 11, 2022 | |
| User ID changed after migrating from KC 17 to KC21 | 1 | 109 | June 19, 2024 |