堆栈内存溢出
  简体   繁体   English

Keycloak Java 适配器属性“public-client”是什么意思?

[英]What does Keycloak Java Adapter property “public-client” mean?

 原文  2021-02-21 11:49:15       java/ spring/ spring-security/ keycloak/ keycloak-services

问题描述

According to Keycloak documentation , the Java Adapter has property named public-client described as根据 Keycloak 文档,Java 适配器具有名为public-client的属性,描述为

If set to true, the adapter will not send credentials for the client to Keycloak如果设置为 true,则适配器不会将客户端的凭据发送到 Keycloak

What does this "will not send credentials to Keycloak" actually mean?这个“不会向 Keycloak 发送凭据”实际上是什么意思?

1 个解决方案

解决方案1
 3 已采纳  2021-02-21 11:53:11

In Keycloak you can set a client to be public or confidential (or bearer-only):在 Keycloak 中,您可以将客户端设置为公开或机密(或仅承载):

在此处输入图像描述

From the OAuth 2.0 one can read:OAuth 2.0可以阅读:

OAuth defines two types of clients: confidential clients and public clients. OAuth 定义了两种类型的客户端:机密客户端和公共客户端。

Confidential clients are applications that are able to securely authenticate with the authorization server, for example being able to keep their registered client secret safe.机密客户端是能够安全地通过授权服务器进行身份验证的应用程序,例如能够保持其注册客户端机密的安全。

Public clients are unable to use registered client secrets , such as applications running in a browser or on a mobile device.公共客户端无法使用已注册的客户端机密,例如在浏览器或移动设备上运行的应用程序。

And in more detail from source one can read:源代码中更详细地可以阅读:

According to the OAuth 2.0 spec, applications can be classified as either confidential or public.根据 OAuth 2.0 规范,应用程序可分为机密或公开。 The main difference relates to whether or not the application is able to hold credentials (such as a client ID and secret) securely.主要区别在于应用程序是否能够安全地保存凭据(例如客户端 ID 和机密)。 This affects the type of authentication the applications can use.这会影响应用程序可以使用的身份验证类型。

Confidential applications can hold credentials in a secure way without exposing them to unauthorized parties.机密应用程序可以以安全的方式保存凭据,而不会将其暴露给未经授权的各方。

If the client is confidential, then it will contain a client secret:如果客户端是机密的,那么它将包含一个客户端机密:

在此处输入图像描述

What does this "will not send credentials to Keycloak"这“不会向 Keycloak 发送凭据”是什么意思?

In means that in the requests that client secret will not be sent. In 表示在请求中不会发送客户端密码。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 “public static void”在Java中意味着什么? - What does 'public static void' mean in Java? Java:anObject?.property是什么意思? - Java: anObject?.property What does it mean? java中的“ForkJoinPool不是公共合同的一部分”是什么意思 - What does the term mean --"ForkJoinPool is not a part of the public contract" in java 什么是“公共天气预报员(整数...拉链){”在java中的含义 - What does “public Weatherman(Integer… zips) {” mean in java 新的Foo(bar)是什么{public void baz(){…}}; 在Java中意味着什么? - What does new Foo(bar) {public void baz(){…} }; mean in Java? Keycloak Spring 安全适配器如何使用公共 Keycloak 客户端验证访问令牌? - How can Keycloak Spring Security Adapter validate access token using public Keycloak client? Keycloak 公共客户端和授权 - Keycloak public client and authorization Java“user.dir”属性——它到底是什么意思? - Java “user.dir” property - what exactly does it mean? ^ =在Java中是什么意思? - What does ^= mean in Java? 在Java中&lt; - 是什么意思? - What does <- mean in Java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM