KEYCLOAK-10313 Document PKCE usage for KeycloakInstalled Adapter

Thomas Darimont 2019-07-01 15:56:56 +02:00 committed by Marek Posolda
parent d1b05ff0ce
commit 009af1e1a3


@ -57,6 +57,10 @@ The `KeycloakInstalled` adapter provides support for renewal of stale tokens.
The application needs to be configured as a `public` OpenID Connect client with The application needs to be configured as a `public` OpenID Connect client with
`Standard Flow Enabled` and pass:[http://localhost:*] as an allowed `Valid Redirect URI`. `Standard Flow Enabled` and pass:[http://localhost:*] as an allowed `Valid Redirect URI`.
TIP: The `KeycloakInstalled` adapter supports the `PKCE` mechanism to provide additional protection during
code to token exchanges in the `OIDC` protocol. PKCE can be enabled with the `"enable-pkce": true` setting
in the adapter configuration. Enabling PKCE is highly recommended.
===== Usage ===== Usage
The `KeycloakInstalled` adapter reads it's configuration from The `KeycloakInstalled` adapter reads it's configuration from
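Review bot: The TIP says PKCE provides "additional protection during code to token exchanges" but never says against what. This adapter is a `public` client redirecting to pass:[http://localhost:*], so the relevant risk is another local process intercepting the authorization code; one sentence naming that, with a pointer to RFC 7636, would make "highly recommended" actionable. "code to token exchanges" would also read better as "the authorization code to token exchange". Since the text says PKCE "can be enabled", consider stating explicitly that it is off unless `"enable-pkce": true` is set.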
@ -76,7 +80,8 @@ uses the following `keycloak.json`:
"ssl-required": "external", "ssl-required": "external",
"resource": "desktop-app", "resource": "desktop-app",
"public-client": true, "public-client": true,
"use-resource-role-mappings": true "use-resource-role-mappings": true,
"enable-pkce": true
} }
---- ----
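Review bot: The new `"enable-pkce": true` line in the example `keycloak.json` has nothing around it tying it back to the TIP added earlier in the file. A short sentence next to the listing saying the example enables PKCE as recommended, and that the key is optional, would keep readers from treating it as a required setting for the adapter to work.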