New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow adding custom headers in HTTP Requests performed by keycloak-js adapter #10312
Comments
This adds httpRequestHeaders and httpRequestWillSend init options so end user can send aditionnal headers or perform custom tweaks on http requests before they are sent. Closes keycloak#10312
I appreciate your problem here, but not convinced we should add support for setting http headers, as it's not compatible with the spec, and additionally since it's a public client it these secrets are not actually secret, so it's a bit of a broken approach to locking it down it seems. |
@jonkoops wdyt? |
See my comment on the PR #10313 (comment) |
Closing this for the reasons specified in the PR |
Client is also protected behind cloudflare zero trust, but I understand the use case is not so common. |
Description
Would you consider a pull request to configure additional headers when performing HTTP Request to Keycloak inside keycloak-js adapter ?
Discussion
No response
Motivation
I run an SPA communicating with a REST API and using Keycloak for authentication.
This application is deployed on a staging environment that as restricted access to some people through Cloudflare Access (Zero Trust).
In this context, I need keycloak-js adapter to add two headers in every HTTP Request (
CF-Access-Client-Id
andCF-Access-Client-Secret
) for the browser to be allowed to access Keycloak through Cloudflare Access.Details
No response
The text was updated successfully, but these errors were encountered: