117

Does a Keycloak client ID have a client secret? I tried to create a client in Keycloak admin but I was not able to spot the client secret.

Is it auto generated? Where can I get the secret?

dreamcrash
王子1986

6 Answers

219

Your client needs to have the access-type set to confidential; then you will have a new Credentials tab where you will see the client secret.
https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/clients/oidc/confidential.html

Yahya
Sébastien Blanc
    With the current keycloak version that has moved a bit: in the "Capability config" section the "Client authentication" has to be enabled. That will change the access type to confidential and the new tab will appear. – Thomas Mar 17 '23 at 10:09
70

The client needs to have the access-type set to confidential, and you can see the client secret in the Credentials tab.

ravthiru
53

Does a Keycloak client ID have a client secret? I tried to create a client in Keycloak admin but I was not able to spot the client secret.

First, you should know that Keycloak implements OpenID Connect, which is a simple identity layer on top of the OAuth 2.0 protocol.

According to the OAuth 2.0 protocol clients can be either confidential or public.

The main difference relates to whether or not the application is able to hold credentials (such as a client ID and secret) securely.

Regarding the confidential clients:

Because they use a trusted backend server, confidential applications can use grant types that require them to authenticate by specifying their client ID and client secret when calling the Token endpoint.

Armed with this knowledge you can easily create a client that will have a client secret as follows:

OLD Keycloak UI

  1. Create a client with "Access Type" set to confidential;
  2. Click the Save button;
  3. Afterwards a new tab named "Credentials" will show up;
  4. And there you can see the client secret.

NEW Keycloak UI

  1. Go to your realm and then to Clients
  2. Click on the button Create client
  3. Set the clientID and the remaining fields accordingly, and click Next
  4. Set the option Client authentication to ON
  5. Click on Save

To inspect the secret go to the clients > your client > tab credentials and click on the eye

In my personal Git repo you can find a script to extract the client secret. This script calls the endpoint

GET /{realm}/clients/{id}/client-secret

from the Keycloak admin API.

dreamcrash
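
The lookup described in the answer above, as an added example that is not part of the original answer and is not the author's script: it logs in through the built-in admin-cli client, resolves the clientId to the client's internal id, and calls the client-secret endpoint. The `/admin/realms` base path (older distributions prefix it with `/auth`), the host, realm, client name and credentials are assumptions, and `demo_opener` serves constructed responses so the block runs offline.

```python
import io
import json
import urllib.parse
import urllib.request

def _call(opener, url, token=None, form=None):
    """GET url, or POST `form` url-encoded when given; return the parsed JSON body."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with opener(req) as resp:
        return json.load(resp)

def get_client_secret(base, realm, client_id, user, password,
                      opener=urllib.request.urlopen):
    """Return the secret of a confidential client via the admin REST API."""
    # 1. Admin access token from the master realm (built-in admin-cli client).
    token = _call(opener, f"{base}/realms/master/protocol/openid-connect/token",
                  form={"grant_type": "password", "client_id": "admin-cli",
                        "username": user, "password": password})["access_token"]
    admin = f"{base}/admin/realms/{urllib.parse.quote(realm, safe='')}"
    # 2. {id} in the endpoint is the client's internal UUID, not its clientId.
    query = urllib.parse.urlencode({"clientId": client_id})
    clients = _call(opener, f"{admin}/clients?{query}", token=token)
    if not clients:
        raise LookupError(f"no client {client_id!r} in realm {realm!r}")
    if clients[0].get("publicClient"):
        # Public clients have no secret: "Client authentication" is off.
        raise ValueError(f"{client_id!r} is a public client and has no secret")
    # 3. The endpoint returns {"type": "secret", "value": "<secret>"}.
    cred = _call(opener, f"{admin}/clients/{clients[0]['id']}/client-secret", token=token)
    return cred["value"]

def demo_opener(req):
    """Offline stand-in for urlopen that serves constructed responses."""
    if req.full_url.endswith("/token"):
        body = {"access_token": "constructed-token"}
    elif "/clients?" in req.full_url:
        body = [{"id": "constructed-uuid", "clientId": "my-app", "publicClient": False}]
    else:
        body = {"type": "secret", "value": "constructed-secret"}
    return io.BytesIO(json.dumps(body).encode())

if __name__ == "__main__":
    print(get_client_secret("http://localhost:8080", "demo", "my-app",
                            "admin", "admin-password", opener=demo_opener))
```

Drop the `opener` argument to run it against a real server; the admin account needs permission to view clients in the target realm.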
10

In Keycloak version 20, access-type does not exist as an option. If your client to be configured does not already have authentication on, set it on and then click save.

Set Client authentication to On

Your client will then have a "Credentials Tab" on the top, next to "Settings", "Keys", "Roles" etc.

Credentials tab is now visible

Click on the Credentials tab and your Client secret is found on that screen.

Phong Phuong
4

Yes, each Keycloak client has a client secret. But for this, you have to change the access type. This differs from the Keycloak version. In specific versions, you have to change the Access type from Public to Confidential. In specific versions, you have to enable the Client authentication under the Capability config.

On saving this, you can see the credentials tab

You can copy the auto-generated client secret. You can also regenerate it any time

0

For me, the access-type tab from the above-mentioned step was not found. What did work for me is:

  1. Select your realm, in my case "istiomesh"
  2. Select the "clients" tab in the left bar
  3. You may see two tabs, "client list" and "Initial access token". Select the latter one and create an Initial access token
  4. Copy that token and use it as the secret

KHEMRAJD