How does the library work on different devices? #501

Closed
salonsosofinco opened this issue Jun 19, 2023 · 1 comment
Labels
question This issue is a question.

Comments

@salonsosofinco

Bug Report or Feature Request (mark with an x)

- [ ] bug report -> please search for issues before submitting
- [X] feature request

Versions.

Keycloak 16.1.1

Desired functionality.

The point is whether this feature exists.
The use case:

  • A user copies the credentials generated on 'Device A' to get access on 'Device B'. Does the library detect this security issue?
@mauriciovigolo mauriciovigolo added the question This issue is a question. label Jun 27, 2023
@mauriciovigolo
Owner

Hey @salonsosofinco,
as in any identity manager and using a bearer approach, if you copy a valid bearer and use it, you will be able to grant access to the resources.
Keycloak doesn't validate the client, only the bearer. More info: https://www.keycloak.org/docs/latest/securing_apps/index.html

I will close this issue, since it is not a bug. Thanks!
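
An added example, not part of the original thread and not code from Keycloak or this library: it contrasts the bearer-only check described in the answer above with a sender-constrained (proof-of-possession) check, which goes beyond what the thread states. The HMAC key, the claims, the simplified `cnf.jkt` thumbprint and all function names are constructed assumptions for illustration.

```javascript
// Added illustration: keys, claims and helper names are constructed, not Keycloak's or the library's code.
const crypto = require('crypto');
const SERVER_KEY = 'constructed-demo-key'; // stands in for the realm signing key
const b64 = (s) => Buffer.from(s).toString('base64url');
const mac = (s) => crypto.createHmac('sha256', SERVER_KEY).update(s).digest('base64url');
// Simplified key thumbprint (SHA-256 of the DER public key); DPoP uses an RFC 7638 JWK thumbprint.
const thumbprint = (pub) =>
  crypto.createHash('sha256').update(pub.export({ type: 'spki', format: 'der' })).digest('base64url');

function issueToken(claims) {
  const body = `${b64(JSON.stringify({ alg: 'HS256' }))}.${b64(JSON.stringify(claims))}`;
  return `${body}.${mac(body)}`;
}

// Plain bearer check: signature and expiry only. The presenting device is not an input.
function verifyBearer(token, now = Math.floor(Date.now() / 1000)) {
  const [h, p, sig] = token.split('.');
  if (!h || !p || !sig) return null;
  const want = Buffer.from(mac(`${h}.${p}`));
  const got = Buffer.from(sig);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  return claims.exp > now ? claims : null;
}

// Sender-constrained check: the token names a key (cnf.jkt) and the caller must
// prove possession of it by signing the request. Real DPoP proofs also carry iat/jti.
function verifyBound(token, request, proof, publicKey) {
  const claims = verifyBearer(token);
  if (!claims || !claims.cnf || claims.cnf.jkt !== thumbprint(publicKey)) return null;
  const ok = crypto.verify(null, Buffer.from(`${request}\n${token}`), publicKey, proof);
  return ok ? claims : null;
}

// Device A holds a key pair and its token is bound to that key. Device B has its own key.
function demo() {
  const a = crypto.generateKeyPairSync('ed25519');
  const b = crypto.generateKeyPairSync('ed25519');
  const exp = Math.floor(Date.now() / 1000) + 300;
  const token = issueToken({ sub: 'alice', exp, cnf: { jkt: thumbprint(a.publicKey) } });
  const req = 'GET /api/orders';
  const prove = (key) => crypto.sign(null, Buffer.from(`${req}\n${token}`), key);
  return {
    copiedBearerAccepted: verifyBearer(token) !== null, // same result on any device
    deviceA: verifyBound(token, req, prove(a.privateKey), a.publicKey) !== null,
    deviceB: verifyBound(token, req, prove(b.privateKey), b.publicKey) !== null,
    deviceBReusingAKey: verifyBound(token, req, prove(b.privateKey), a.publicKey) !== null,
  };
}
```

`verifyBearer` has no parameter that identifies the caller, which is why the same token validates wherever it is presented; only the bound variant distinguishes Device A from Device B, because the private key never leaves Device A.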
