What does Keycloak Java Adapter property "public-client" mean?
According to the Keycloak documentation, the Java adapter has a property named public-client, described as:
If set to true, the adapter will not send credentials for the client to Keycloak
What exactly does "will not send credentials to Keycloak" mean?
In Keycloak, you can set a client to be public or confidential (or bearer-only):
From OAuth 2.0 one can read:
OAuth defines two types of clients: confidential clients and public
clients.
Confidential clients are applications that are able to securely
authenticate with the authorization server, for example being able to
keep their registered client secret safe.
Public clients are unable to use registered client secrets, such as
applications running in a browser or on a mobile device.
More details can be read in the source:
According to the OAuth 2.0 spec, applications can be classified as
either confidential or public. The main difference relates to whether
or not the application is able to hold credentials (such as a client
ID and secret) securely. This affects the type of authentication the
applications can use.
Confidential applications can hold credentials in a secure way without exposing them to unauthorized parties.
If the client is confidential, then it will contain a client secret:
What does this "will not send credentials to Keycloak"
It means that the client secret will not be sent in the request.
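
The difference the answer describes, seen at the token endpoint, as an added example that is not part of the original post and not Keycloak's own code. It follows the general OAuth 2.0 client authentication rules of RFC 6749 section 2.3.1 (secret in an HTTP Basic header or a `client_secret` form field); the function names, client ID, secret and URLs are constructed for illustration.

```python
import base64
from urllib.parse import urlencode, parse_qs


def build_token_request(client_id, code, redirect_uri, client_secret=None):
    """Return (headers, body) for an authorization-code token request.

    client_secret=None models a public client: the request names the
    client but carries nothing that authenticates it.
    """
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        form["client_id"] = client_id  # public client: identifier only
    else:
        # Confidential client: credentials in HTTP Basic (RFC 6749, 2.3.1).
        # Simplification: assumes id and secret need no extra URL-encoding.
        raw = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode()
    return headers, urlencode(form)


def sends_client_credentials(headers, body):
    """True if a captured token request carries a client secret,
    either in a Basic Authorization header or as a form field."""
    auth = headers.get("Authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError:  # malformed base64 or non-UTF-8 payload
            decoded = ""
        _, sep, secret = decoded.partition(":")
        if sep and secret:
            return True
    return bool(parse_qs(body).get("client_secret", [""])[0])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    args = ("my-app", "abc123", "https://app.example/callback")
    for label, secret in (("public", None), ("confidential", "s3cr3t-constructed")):
        headers, body = build_token_request(*args, client_secret=secret)
        print(label, "sends credentials:", sends_client_credentials(headers, body))
```

Running `sends_client_credentials` over token requests captured from a browser or mobile build is a quick check that no client secret has been embedded in an application that cannot keep one.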