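In Keycloak, when I set the client to the bearer-only access type and authorization is not enabled, I get the following configuration to install on the server: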
{
  "realm": "API",
  "bearer-only": true,
  "auth-server-url": "https://example.com.au/auth/1.0",
  "ssl-required": "none",
  "resource": "edge-server"
}
Then, when I enable authorization for that client, the configuration now includes the client secret:
{
  "realm": "API",
  "bearer-only": true,
  "auth-server-url": "https://example.com.au/auth/1.0",
  "ssl-required": "none",
  "resource": "edge-server",
  "credentials": {
    "secret": "33333333-4444-5555-6666-777777777777"
  },
  "policy-enforcer": {}
}
So my question is: once authorization is enabled, why does my server need the secret?
Answer 0 (score: 0)
Keycloak authorization policies can only be applied to confidential clients, such as a backend REST API.
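
Added example, not part of the original answer or Keycloak's own code: with a policy-enforcer block the resource server has to call Keycloak as the client itself (a client-credentials token request for the Protection API), which is what the secret is for. The sketch assumes the standard token endpoint path under auth-server-url; the helper names are hypothetical, and the request is built but never sent.

```python
import json
from urllib.parse import urlencode

# Adapter config copied from the question; the secret is the question's sample value.
ADAPTER_CONFIG = json.loads("""
{
  "realm": "API",
  "bearer-only": true,
  "auth-server-url": "https://example.com.au/auth/1.0",
  "ssl-required": "none",
  "resource": "edge-server",
  "credentials": {"secret": "33333333-4444-5555-6666-777777777777"},
  "policy-enforcer": {}
}
""")


def needs_client_secret(cfg):
    """A server that enforces policies must authenticate to Keycloak itself."""
    return "policy-enforcer" in cfg


def build_pat_request(cfg):
    """Build (without sending) the enforcer's client-credentials token request.

    Returns None for a plain bearer-only config, which only validates
    incoming tokens and never authenticates to Keycloak.
    """
    if not needs_client_secret(cfg):
        return None
    secret = cfg.get("credentials", {}).get("secret")
    if not secret:
        raise ValueError("policy-enforcer is enabled but credentials.secret is missing")
    # Assumption: standard token endpoint layout relative to auth-server-url.
    url = "{}/realms/{}/protocol/openid-connect/token".format(
        cfg["auth-server-url"].rstrip("/"), cfg["realm"])
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": cfg["resource"],
        "client_secret": secret,
    })
    return {
        "method": "POST",
        "url": url,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": body,
    }
```

Because the secret authenticates the server to Keycloak, the installed file should be readable only by the service account that runs the server.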