Thank you for confirming. Thai Le
On Tue, Oct 26, 2021 at 9:57 AM Gary Tully <gary.tu...@gmail.com> wrote: > yes. see the detail at: https://github.com/hawtio/hawtio-oauth > it utilises the keycloak javascript client - > https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter > > On Mon, 25 Oct 2021 at 18:30, Thai Le <lnthai2...@gmail.com> wrote: > > > > Hello, > > > > In the security-keycloak example, the client artemis-console defined in > > keycloak is set to be public access and thus keycloak-bearer-token.json > has > > no client secret. Does it mean the web console is entirely client side > > javascript app ? If yes then how does it store the refresh token? > > > > Just a bit of context, I am only interested in securing the artemis web > > console with KC, not the broker (activemq realm) thus i am not > configuring > > the keycloak-direct-access.json. I want to be sure that the web console > > does not call an endpoint on the broker to get the refresh token. > > > > Regards > > > > Thai Le > -- Where there is will, there is a way
