Keycloak Bear-Only Client 带和不带授权客户端密钥
Keycloak Bear-Only Client with and without Authorization Client Secret
在 keycloak 中,当我将 Client 设置为 bearer-only 访问类型且未经授权时,我得到以下配置以在我的服务器上安装
{
"realm": "API",
"bearer-only": true,
"auth-server-url": "https://example.com.au/auth/1.0",
"ssl-required": "none",
"resource": "edge-server"
}
然后,当我为该客户端启用授权时,它现在包含客户端密码:
{
"realm": "API",
"bearer-only": true,
"auth-server-url": "https://example.com.au/auth/1.0",
"ssl-required": "none",
"resource": "edge-server",
"credentials": {
"secret": "33333333-4444-5555-6666-777777777777"
},
"policy-enforcer": {}
}
所以我的问题是为什么启用授权后我的服务器需要 secret?
Keycloak 授权策略只能应用于机密客户端,例如您的后端 REST API。
在 keycloak 中,当我将 Client 设置为 bearer-only 访问类型且未经授权时,我得到以下配置以在我的服务器上安装
{
"realm": "API",
"bearer-only": true,
"auth-server-url": "https://example.com.au/auth/1.0",
"ssl-required": "none",
"resource": "edge-server"
}
然后,当我为该客户端启用授权时,它现在包含客户端密码:
{
"realm": "API",
"bearer-only": true,
"auth-server-url": "https://example.com.au/auth/1.0",
"ssl-required": "none",
"resource": "edge-server",
"credentials": {
"secret": "33333333-4444-5555-6666-777777777777"
},
"policy-enforcer": {}
}
所以我的问题是为什么启用授权后我的服务器需要 secret?
Keycloak 授权策略只能应用于机密客户端,例如您的后端 REST API。