jonathan-dev commented on issue #10498: URL: https://github.com/apache/apisix/issues/10498#issuecomment-1813963543
For a little bit more context: I am setting up the OIDC provider myself (Keycloak). When setting up the Application I think I am required to set the access to confidential access (only then Keycloak generates a client_secret witch I need(?) to configure in the plugin). Now when I try to simulate a client (with a curl command) I need to add the client secret to my curl command in order to retrieve my JWT which then can be verified by the OIDC plugin. Shouldn't I be able to not use the client secret in the JWT retrieving request when I want to use that request in web client for example? (or am I and I haven't noticed?) Maybe with this description you can help me to figure out where I am off or misunderstanding something. Thanks -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
