Client Access Type "confidential" generates Javascript that cannot be imported again? #12041
Unanswered
jfrantzius
asked this question in
Q&A
Replies: 1 comment
-
We were able to workaround using https://www.keycloak.org/docs/latest/authorization_services/index.html#_policy_group , but then still I'd think it's not desired that by default Keycloak 18 generates something that cannot be imported again? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
when we upgraded to Keycloak 18, our Realm Export that we use for testing cannot be imported anymore, because it contains Javascript similar to this for one of our client definitions, which is now prohibited in Keycloak 18: #11664 (comment)
For test purposes, I created a new test client with "Access Type":confidential and "Authorization Enabled":ON in Keycloak 18, which results in a tab "Authorization" / "Policies", which then contains a "Default Policy" with Javascript. This will also be exported in a Realm Export. This means Keycloak by default creates a Realm Export that cannot be imported anymore!
According to https://www.keycloak.org/docs/latest/server_development/#_script_providers , we would have to package the generated JS into a JAR-file, instead of uploading or importing it. The generated Javascript looks like this:
Is there maybe an alternative authorization Policy that we could configure here which does not require Javascript, and does the same? Or do we really have to package that one-liner into a JAR file to get going with Keycloak 18 and Access Type "confidential"?
Beta Was this translation helpful? Give feedback.
All reactions