Hello, In the security-keycloak example, the client artemis-console defined in keycloak is set to be public access and thus keycloak-bearer-token.json has no client secret. Does it mean the web console is entirely client side javascript app ? If yes then how does it store the refresh token?
Just a bit of context, I am only interested in securing the artemis web console with KC, not the broker (activemq realm) thus i am not configuring the keycloak-direct-access.json. I want to be sure that the web console does not call an endpoint on the broker to get the refresh token. Regards Thai Le
