Details

    • Steps to Reproduce:
      • Spin up Keycloak 9.0.0 locally and use the following script:
      TOKEN=`curl -s -v --data "client_id=admin-cli&username=admin&password=admin&grant_type=password" http://localhost:8080/auth/realms/master/protocol/openid-connect/token | jq -r .access_token`
      
      curl -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"id":"exampl-example","clientId":"pay","clientAuthenticatorType":"client-secret","rootUrl":"${authBaseUrl}","description":"The nice description","serviceAccountsEnabled":true,"protocol":"openid-connect"}' http://localhost:8080/auth/admin/realms/master/clients
      

      or

      • Use Keycloak Operator and create the following KeycloakClientCR:
        ---
          apiVersion: keycloak.org/v1alpha1
          kind: KeycloakClient
          metadata:
            finalizers:
            - client.cleanup
            generation: 2
            name: example-name
            namespace: example-ns-name
          spec:
            client:
              bearerOnly: false
              clientAuthenticatorType: client-secret
              clientId: pay
              defaultClientScopes:
              - some-scopeshere1
              - some-scopeshere2
              - some-scopeshere3
              description: The nice description
              id: exampl-example
              protocol: openid-connect
              publicClient: false
              rootUrl: ${authBaseUrl}
              serviceAccountsEnabled: true
            realmSelector:
              matchLabels:
                iam.example.cloud/keycloak-app: example-iam
        
    • Workaround:
      Workaround Exists
    • Workaround Description:
      • Do not specify protocol in the CR
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Hi guys,

      whenever a KeycloakClient is added with:

      clientAuthenticatorType: client-secret
      

      a secret is created with

      CLIENT_ID
      CLIENT_SECRET
      

      But unfortunately the CLIENT_SECRET is always empty and therefore can't be used the way it's meant.

      I've fixed that code-wise and will do a PR for you guys.
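
Added example (not part of the original report and not the operator's own code): a check that flags a Secret whose CLIENT_ID or CLIENT_SECRET is missing or decodes to an empty value, which is the symptom described above. The sample manifest and the Secret name in it are constructed placeholders, since the report does not give the real name; real input would be the JSON printed by `kubectl get secret <name> -o json`.

```python
import base64
import json

# Constructed sample in the shape `kubectl get secret <name> -o json` returns.
# The Secret name is a placeholder; the report does not state the real one.
SAMPLE_SECRET = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "placeholder-client-secret",
                 "namespace": "example-ns-name"},
    "data": {
        "CLIENT_ID": base64.b64encode(b"pay").decode(),
        "CLIENT_SECRET": "",  # the empty value described in the report
    },
})

# Key names taken from the report.
REQUIRED_KEYS = ("CLIENT_ID", "CLIENT_SECRET")


def empty_credential_keys(secret_json, required=REQUIRED_KEYS):
    """Return required keys that are missing, undecodable, or blank."""
    manifest = json.loads(secret_json)
    if manifest.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    data = manifest.get("data") or {}
    bad = []
    for key in required:
        raw = data.get(key)
        if raw is None:
            bad.append(key)
            continue
        try:
            # Values under .data are base64-encoded by the Kubernetes API.
            value = base64.b64decode(raw, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            bad.append(key)
            continue
        if not value.strip():
            bad.append(key)
    return bad


if __name__ == "__main__":
    import sys
    text = SAMPLE_SECRET if sys.stdin.isatty() else sys.stdin.read()
    problems = empty_credential_keys(text)
    print("empty or missing:", ", ".join(problems) or "none")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when a key is empty, so it can gate a deployment step that would otherwise hand a blank client secret to a service.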

                People

                • Assignee:
                  sebastian.laskawiec Sebastian Laskawiec
                  Reporter:
                  roberth1988 Robert Hoppe
                • Votes:
                  0
                  Watchers:
                  4