Reputation: 81
keycloak js version -> ^10.0.2
angular -> ^7.2.16
keycloak.json
{
"realm": "REALM",
"auth-server-url": "<auth-url>/auth/",
"ssl-required": "external",
"resource": "CLIENT_ID",
"verify-token-audience": true,
"credentials": {
"secret": "CLIENT_SECRET_KEY"
},
"use-resource-role-mappings": true,
"confidential-port": 0,
"policy-enforcer": {}
}
using in init like this
const keycloakAuth = Keycloak('keycloak.json');
keycloakAuth.init({ onLoad: 'login-required', checkLoginIframe: false })
when keycloak made this call <auth-url>/auth/realms/guavus/protocol/openid-connect/token
than giving this error.
{"error":"unauthorized_client","error_description":"Client secret not provided in request"}
as per documentation removed credential support from javascript adapter
than what is the alternative of this and how to fix this error?
Upvotes: 5
Views: 23758
Reputation: 81
Yes, I got to know that they removed credential
support from javascript adapter
https://www.keycloak.org/docs/latest/release_notes/#credentials-support-removed-from-the-javascript-adapter https://github.com/keycloak/keycloak/commit/913056b2b2d39707347a39dddb7bdad69fe47cc3
and for javascript adapter they mentioned in document
To use the JavaScript adapter you must first create a client for your application in the Keycloak Administration Console. Make sure public is selected for Access Type.
Upvotes: 3
Reputation: 298
If this is an Angular Single Page Application (SPA), you should be using a public client (which will not use a client secret) per the Keycloak docs:
"One important thing to note about using client-side applications is that the client has to be a public client as there is no secure way to store client credentials in a client-side application." https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter
Upvotes: 12