keycloak / keycloak-nodejs-connect

Apache License 2.0
676 stars 421 forks

Flexibility on token extraction #429

Closed rungwe closed 2 years ago

rungwe commented 2 years ago

Description

The bearer token seems to be expected in the Authorization header only. It is a point to note that not all applications conform to the use of Authorization headers. For example, some applications, such as Spring Boot apps, use both authorization headers and the URL request query parameter access_token; some even use cookies.

Discussion

https://github.com/keycloak/keycloak-nodejs-connect/issues/349

Motivation

The current situation limits the flexibility and interoperability of applications that communicate with each other via REST API. Solving this problem will make it easier for developers to specify the places to look for the token that suit their specific needs. Otherwise, it can be a lot of work having to rewrite applications that depend on the Node-based Keycloak client to force them to use Authorization headers for bearer tokens.

Details

This can be implemented as configuration options that allow a developer to specify the part of the request from which the token should be extracted, which can be:

  1. The name of the header; some may want to use custom headers, and the default could be Authorization.
  2. A request query parameter
  3. Cookies

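The following is an added illustration of the configurable extraction the issue asks for; it is not code from keycloak-nodejs-connect, and the option names `header`, `queryParam` and `cookie`, the `extractBearerToken` function and the plain `req` object shape are all assumptions made here. It applies the rule from RFC 6750 that a client must not send the token by more than one method in the same request, and rejects such requests instead of silently picking one source.

```javascript
// Added example (not part of keycloak-nodejs-connect): extract a bearer token
// from a configurable request location. `req` is a plain object with
// `headers`, `query` and `cookies` maps, as an Express-style framework with a
// cookie parser would supply. Option names are hypothetical.

const DEFAULT_OPTIONS = {
  header: 'authorization', // header to inspect; matched case-insensitively
  queryParam: null,        // e.g. 'access_token'; disabled unless set
  cookie: null,            // e.g. 'KEYCLOAK_TOKEN'; disabled unless set
};

// "Bearer" followed by one b64token (RFC 6750 section 2.1); the scheme name
// is case-insensitive, the token characters are restricted to the b64token set.
const BEARER_RE = /^Bearer\s+([A-Za-z0-9\-._~+/]+=*)$/i;

// Case-insensitive header lookup, since header maps differ between frameworks.
function headerValue(headers, name) {
  if (!headers) return undefined;
  const wanted = name.toLowerCase();
  for (const key of Object.keys(headers)) {
    if (key.toLowerCase() === wanted) return headers[key];
  }
  return undefined;
}

// Returns { token, source, error }. `source` is 'header', 'query' or 'cookie';
// `error` is null on success or a short reason code.
function extractBearerToken(req, options = {}) {
  const opts = { ...DEFAULT_OPTIONS, ...options };
  const found = [];

  const raw = headerValue(req.headers, opts.header);
  if (typeof raw === 'string') {
    const m = BEARER_RE.exec(raw.trim());
    // A present header that is not a Bearer credential is a hard failure,
    // not a fallthrough to the other locations.
    if (!m) return { token: null, source: null, error: 'not_bearer' };
    found.push({ token: m[1], source: 'header' });
  }

  // Only string values are accepted: repeated query parameters arrive as
  // arrays in most frameworks and are deliberately ignored here.
  if (opts.queryParam && req.query && typeof req.query[opts.queryParam] === 'string') {
    found.push({ token: req.query[opts.queryParam], source: 'query' });
  }
  if (opts.cookie && req.cookies && typeof req.cookies[opts.cookie] === 'string') {
    found.push({ token: req.cookies[opts.cookie], source: 'cookie' });
  }

  if (found.length === 0) return { token: null, source: null, error: 'no_token' };
  // RFC 6750 section 2: clients MUST NOT use more than one method per request.
  if (found.length > 1) return { token: null, source: null, error: 'multiple_methods' };
  return { ...found[0], error: null };
}

// Constructed sample requests (not captured traffic):
const viaHeader = extractBearerToken({ headers: { Authorization: 'Bearer eyJ.abc.xyz' } });
const viaQuery = extractBearerToken(
  { headers: {}, query: { access_token: 'q-token' } },
  { queryParam: 'access_token' },
);
console.log(viaHeader.source, viaQuery.source); // header query
```

Query-string transport is left off by default on purpose: RFC 6750 section 2.3 discourages it because URLs end up in server logs, proxy logs and browser history, so an operator who turns `queryParam` on should also make sure those logs do not retain the full URL.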
jonkoops commented 2 years ago

We are not looking to add new features to this client as it has been deprecated. For more information see the announcement blog post.