yes. see the detail at: https://github.com/hawtio/hawtio-oauth it utilises the keycloak javascript client - https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter
On Mon, 25 Oct 2021 at 18:30, Thai Le <lnthai2...@gmail.com> wrote: > > Hello, > > In the security-keycloak example, the client artemis-console defined in > keycloak is set to be public access and thus keycloak-bearer-token.json has > no client secret. Does it mean the web console is entirely client side > javascript app ? If yes then how does it store the refresh token? > > Just a bit of context, I am only interested in securing the artemis web > console with KC, not the broker (activemq realm) thus i am not configuring > the keycloak-direct-access.json. I want to be sure that the web console > does not call an endpoint on the broker to get the refresh token. > > Regards > > Thai Le
