Update topics/clients/client-oidc.adoc

This commit is contained in:
Stian Thorgersen 2016-06-13 13:46:04 +02:00
parent 317b45068b
commit 9bc1132ff3


@ -59,14 +59,11 @@ If you've ever done a social login to Google, you'll often see a similar page.
This defines the type of the OIDC client.
_confidential_::
Confidential access type is for clients that need to perform a browser login and require a client secret when they turn an access code into an access token,
(see http://tools.ietf.org/html/rfc6749#section-4.1.3[Access Token Request] in the OAuth 2.0 spec for more details). The advantage of this is that it is a little extra security.
Since {{book.project.name}} requires you to register valid redirect-uris, we're not exactly sure what this little extra security is though.
:) The disadvantages of this access type is that confidential access type is pointless for pure JavaScript clients as anybody could easily figure out your client's secret!
Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token,
(see http://tools.ietf.org/html/rfc6749#section-4.1.3[Access Token Request] in the OAuth 2.0 spec for more details). This type should be used for server-side applications.
_public_::
Public access type is for clients that need to perform a browser login and that you feel that the added extra security of confidential access type is not needed.
Pure javascript clients are by nature public.
Public access type is for clients that need to perform a browser login
_bearer-only_::
Bearer-only access type means that the application only allows bearer token requests.
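Review bot: the new public-access line "Public access type is for clients that need to perform a browser login" is cut short, with no terminating period and without the reason a reader needs to choose it: the removed text explained that pure JavaScript clients are public by nature because a browser-delivered application cannot keep a client secret. Suggest keeping one sentence of that rationale, e.g. "Public access type is for client-side clients, such as pure JavaScript applications, that cannot keep a client secret confidential." Also, in the replacement confidential paragraph, "Confidential access type is for server-side clients that need to perform a browser login" and the closing "This type should be used for server-side applications." say the same thing; one of the two can go, and the stray comma before "(see http://tools.ietf.org/html/rfc6749#section-4.1.3[Access Token Request]" was carried over from the old text.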