...

This is the default option; a secret is generated automatically when the client is created.

x509 Certificate

This requires setting up an authentication flow for the client and then setting the "Direct Grant Flow" to this new flow in the "Authentication flow overrides" section of the client configuration.

You can also enable regexp pattern matching in the credentials section of the client if required.

When a token request is made with the x509 certificate, a part of the certificate, such as the subject's email, is compared with the email of one of the users in the realm. If there is a match, a token is issued.

...

The certificate is then compared with a JWK URI or a static JWKS (this can be created using the certificate and public key, then imported into Keycloak).

If the signatures match, a token is issued.

JWT signed with secret

Similar to the above, except that the JWT is signed with the client secret instead of a certificate.
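
The exchange described above, sketched as an added example (not Keycloak's own code and not part of the original page): the client builds an HS256 assertion from the client secret, and the verifier pins the algorithm, recomputes the HMAC and checks issuer, audience, expiry and replay. The client id, secret, token URL and the use of the token endpoint as audience are assumptions for illustration.

```python
import base64, hashlib, hmac, json, time, uuid

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_client_assertion(client_id, secret, token_url, now=None, lifetime=60):
    """Client side: JWT sent as client_assertion in the token request."""
    now = int(time.time()) if now is None else now
    claims = {"iss": client_id, "sub": client_id, "aud": token_url,
              "jti": str(uuid.uuid4()), "iat": now, "exp": now + lifetime}
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(_sign(secret, signing_input))

def verify_client_assertion(token, client_id, secret, token_url, seen_jti, now=None):
    """Verifier side: every check must pass before a token is issued."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(claims_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:                      # wrong part count, bad base64 or bad JSON
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256":        # pin the algorithm, never trust the header
        return False
    if not hmac.compare_digest(sig, _sign(secret, f"{head_b64}.{claims_b64}")):
        return False                        # constant-time signature comparison
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        return False
    exp = claims.get("exp")
    if claims.get("aud") != token_url or not isinstance(exp, int) or exp <= now:
        return False
    jti = claims.get("jti")
    if not jti or jti in seen_jti:          # a reused jti means a replayed assertion
        return False
    seen_jti.add(jti)
    return True
```

Because both sides hold the same secret, anyone who can read the client secret on the server can also mint assertions; the certificate-signed variant avoids that.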

Metrics

By including the following environment variable, metrics will be available on the /metrics endpoint:

...