How does the library work on different devices?

mauriciovigolo / keycloak-angular

Easy Keycloak setup for Angular applications.

MIT License

725 stars 278 forks source link

How does the library work on different devices? #501

Closed salonsosofinco closed 1 year ago

salonsosofinco commented 1 year ago

Bug Report or Feature Request (mark with an `x`)

- [ ] bug report -> please search for issues before submitting
- [X] feature request

Versions.

Keycloak 16.1.1

Desired functionality.

The point that is if this feature exist. The use case;

A user copy the credentials generated in a 'Device A' to access in a 'Device B'. The library detects this security issue?

mauriciovigolo commented 1 year ago

Hey @salonsosofinco, as in any identity manager and using a bearer approach, if you copy a valid bearer and use it, you will be able to grant access to the resources. Keycloak doesn't validate the client, only the bearer. More info: https://www.keycloak.org/docs/latest/securing_apps/index.html

I will close this issue, since it is not a bug. Thanks!

mauriciovigolo / keycloak-angular

How does the library work on different devices? #501

Bug Report or Feature Request (mark with an x)

Versions.

Desired functionality.

Bug Report or Feature Request (mark with an `x`)