Keycloak OpenID .well-known/ endpoints security issue

Time:01-12

I use Keycloak with OpenID and I am wondering how to disable or remove well-known endpoints like: ...well-known/openid-configuration, ...well-known/uma2-configuration and ...protocol/openid-connect/certs

The mentioned endpoints are available, which is not good in terms of security in my system.

CodePudding user response:

Clients and APIs usually need to be able to access these endpoints to, for example, configure themselves and also to download the public signing keys.

They don't contain any private information, and even companies like Google expose their own document here: https://accounts.google.com/.well-known/openid-configuration

So, I wouldn't be too worried about that.
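
An added example (not part of the original answer and not Keycloak code): a check that a JWKS document, such as the one served at ...protocol/openid-connect/certs, carries only public key members as defined in RFC 7518 and RFC 8037. The function name `audit_jwks` and both sample key sets are constructed for illustration.

```python
import json

# Secret members per key type: RFC 7518 (RSA, EC, oct) and RFC 8037 (OKP).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},  # symmetric secret: must never appear in a published JWKS
}


def audit_jwks(jwks):
    """Return (kid, kty, leaked_members) for every key exposing secret material."""
    findings = []
    for key in jwks.get("keys", []):
        kty = key.get("kty")
        leaked = sorted(PRIVATE_MEMBERS.get(kty, set()) & set(key))
        if leaked:
            findings.append((key.get("kid", "<no kid>"), kty, leaked))
    return findings


# Constructed sample: what a correctly published key set looks like.
# Only the public modulus (n) and exponent (e) are present.
PUBLIC_ONLY = json.loads("""
{"keys": [
  {"kid": "sig-1", "kty": "RSA", "use": "sig", "alg": "RS256",
   "n": "constructed-public-modulus", "e": "AQAB"}
]}
""")

# Constructed sample: a misconfigured key set that would be a real problem.
MISCONFIGURED = json.loads("""
{"keys": [
  {"kid": "sig-1", "kty": "RSA", "n": "constructed-public-modulus", "e": "AQAB"},
  {"kid": "sig-2", "kty": "RSA", "n": "constructed-public-modulus", "e": "AQAB",
   "d": "constructed-private-exponent", "p": "constructed-prime"},
  {"kid": "hmac-1", "kty": "oct", "k": "constructed-shared-secret"}
]}
""")

if __name__ == "__main__":
    for name, doc in (("public-only", PUBLIC_ONLY), ("misconfigured", MISCONFIGURED)):
        findings = audit_jwks(doc)
        print(name, "OK" if not findings else findings)
```

Run against a saved copy of the certs response, an empty result confirms the endpoint publishes only what clients need to verify token signatures.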
