Keycloak-js confidential client (as negative example!)

BenjaminHae · December 13, 2019, 7:53am

Hi,

I’m trying to set up a demo application for “how not to do oauth/oidc”.
It’s a react application with keycloak-js. Is it possible to force it to act as a confidential client?
Are there some parameters I can pass to keycloak.init?

I now that a SPA can not keep secrets, this is only a bad example to help understand oidc

Thanks
Benjamin

mhajas · December 13, 2019, 9:50am

Hello,

this was possible some time ago, but it was removed for security reasons. It was removed in this PR: https://github.com/keycloak/keycloak/pull/6454. Jira says it was fixed in 8.0.0 so before this version it should be working.

Michal

Topic		Replies	Views
Is there any way to have confidential clients using javascript-adapter Getting advice	2	528	October 21, 2022
Integration with keycloak Getting advice identity-brokering , oidc	1	35	December 15, 2025
Confusion about public/confidential clients Securing applications	4	2449	April 1, 2023
Access type confidential causes CORS problems with keycloak.js Securing applications	1	575	October 15, 2020
How to integrate angular 7 with confidential access type of open id connect client-configuration	0	597	December 11, 2019

Keycloak-js confidential client (as negative example!)

Related topics