Thanks to visit codestin.com
Credit goes to Github.com

Skip to content

Admin API V2: allow to generate secret for clients with authentication method 'client-secret' #46257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
michalvavrik wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Admin API V2: allow to generate secret for clients with authentication method 'client-secret' #46257

michalvavrik wants to merge 1 commit into from

Conversation

@michalvavrik
Copy link
Member

@michalvavrik michalvavrik commented Feb 12, 2026
edited
Loading

New behavior follows how I understand what is described in the linked issue. That is:

  • adds endpoint that supports generation of secret for authentication method 'client-secret'
  • if confidential client is created with method 'client-secret' without secret, we generate it and return it
  • if confidential client is updated (PUT) with method 'client-secret' without secret, we generate it
  • if confidential client is patched with method 'client-secret' without secret, we generate it
  • if confidential client with 'client-secret' auth method is patched without auth config, we keep the previous (existing) authentication configuration including the secret
  • if confidential client with 'client-secret' auth method is updated without auth config, we turn the client into public client
  • if confidential client with 'client-secret' auth method is updated or patched with auth object that has method 'client-secret' but no secret, we only generate the secret if it wasn't previously present on the client model

@michalvavrik michalvavrik requested review from a team as code owners February 12, 2026 00:09
mabartos
mabartos reviewed Feb 12, 2026
View reviewed changes
Copy link
Contributor

@mabartos mabartos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michalvavrik Just a brief syntactic review for now.

@michalvavrik
Copy link
Member Author

michalvavrik commented Feb 12, 2026

Re CI failures: LoggingDistTest.httpAccessLogMaskedCookiesDiffFormat is passing for me locally, I'll just not investigate for now. Maybe it is flaky and it will be fixed when pushing changes.

@michalvavrik michalvavrik force-pushed the feature/issue-46136-gen-cl-sec branch 2 times, most recently from 76a97dd to 07e5b9a Compare February 12, 2026 11:50
@michalvavrik
feat(admin api v2): add client secret generation
6ce6e51 
New behavior follows what is described in the linked issue. That is:

- adds endpoint that supports generation of secret for authentication method 'client-secret'
- if confidential client is created with method 'client-secret' without secret, we generate it and return it
- if confidential client is updated (PUT) with method 'client-secret' without secret, we generate it
- if confidential client is patched with method 'client-secret' without secret, we generate it
- if confidential client with 'client-secret' auth method is patched without auth config, we keep the previous (existing) authentication configuration including the secret
- if confidential client with 'client-secret' auth method is updated or patched with auth object that has method 'client-secret', we only generate the secret if it wasn't previously present on the client model

Closes: keycloak#46136

Signed-off-by: Michal Vavřík <[email protected]>
@michalvavrik michalvavrik force-pushed the feature/issue-46136-gen-cl-sec branch from 07e5b9a to 6ce6e51 Compare February 12, 2026 11:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shawkins shawkins Awaiting requested review from shawkins

@vmuzikar vmuzikar Awaiting requested review from vmuzikar

@mabartos mabartos Awaiting requested review from mabartos

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

team/cloud-native

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support for generating client secret in Client v2

2 participants

@michalvavrik @mabartos