KEYCLOAK: Client secret not provided in request

Question

keycloak js version -> ^10.0.2

angular -> ^7.2.16

keycloak.json

{
  "realm": "REALM",
  "auth-server-url": "<auth-url>/auth/",
  "ssl-required": "external",
  "resource": "CLIENT_ID",
  "verify-token-audience": true,
  "credentials": {
    "secret": "CLIENT_SECRET_KEY"
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0,
  "policy-enforcer": {}
}

using in init like this

const keycloakAuth = Keycloak('keycloak.json');
keycloakAuth.init({ onLoad: 'login-required', checkLoginIframe: false })

when keycloak made this call <auth-url>/auth/realms/guavus/protocol/openid-connect/token than giving this error.

{"error":"unauthorized_client","error_description":"Client secret not provided in request"}

as per documentation removed credential support from javascript adapter

than what is the alternative of this and how to fix this error?

Answer 1

Yes, I got to know that they removed credential support from javascript adapter

https://www.keycloak.org/docs/latest/release_notes/#credentials-support-removed-from-the-javascript-adapter https://github.com/keycloak/keycloak/commit/913056b2b2d39707347a39dddb7bdad69fe47cc3

and for javascript adapter they mentioned in document To use the JavaScript adapter you must first create a client for your application in the Keycloak Administration Console. Make sure public is selected for Access Type.

Answer 2

If this is an Angular Single Page Application (SPA), you should be using a public client (which will not use a client secret) per the Keycloak docs:

"One important thing to note about using client-side applications is that the client has to be a public client as there is no secure way to store client credentials in a client-side application." https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter