Keycloak 客户端是否有客户端密钥?

Do Keycloak Clients have a Client Secret?

keycloak 客户端 ID 是否有客户端密钥?我试图在 keycloak admin 中创建一个客户端,但我无法发现客户端密码。

是自动生成的吗?我在哪里可以获得秘密?

您的客户端需要将 access-type 设置为 confidential ,然后您将有一个新选项卡 credentials,您将在其中看到客户端密码。
https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/clients/oidc/confidential.html

客户端需要将 access-type 设置为 confidential,您可以在凭据选项卡中看到客户端密钥

Does keycloak client id has a client secret? I tried to create a client in keycloak admin but I was not able to spot client secret.

首先,您应该知道 Keycloak 实现了 OpenID Connect,

is a simple identity layer on top of the OAuth 2.0 protocol.

根据 OAuth 2.0 协议,客户端可以是 机密public.

The main difference relates to whether or not the application is able to hold credentials (such as a client ID and secret) securely.

关于机密客户:

Because they use a trusted backend server, confidential applications can use grant types that require them to authenticate by specifying their client ID and client secret when calling the Token endpoint.

有了这些知识,您就可以轻松地创建一个具有如下客户端密钥的客户端:

  1. 创建一个“访问类型”设置为机密的客户端:
  2. 单击“保存”按钮;
  3. 之后会出现一个名为“Credentials”的新标签:
  4. 在那里你可以看到客户端密码: