Closed salonsosofinco closed 1 year ago
Hey @salonsosofinco, as in any identity manager and using a bearer approach, if you copy a valid bearer and use it, you will be able to grant access to the resources. Keycloak doesn't validate the client, only the bearer. More info: https://www.keycloak.org/docs/latest/securing_apps/index.html
I will close this issue, since it is not a bug. Thanks!
Bug Report or Feature Request (mark with an
x
)Versions.
Keycloak 16.1.1
Desired functionality.
The point that is if this feature exist. The use case;