README.md: 6 additions & 6 deletions
@@ -107,27 +107,27 @@ server.route([
107
107
## API
108
108
#### Plugin Options
109
109
110
-
> **Hint**: By default, the Keycloak server has built-in two ways to authenticate the client: client ID and client secret, or with a signed JWT. This plugin supports both. Check the description of `secret` and `publicKey` for further information.
110
+
> By default, the Keycloak server has built-in two ways to authenticate the client: client ID and client secret, or with a signed JWT. This plugin supports both. Check the description of `secret` and `publicKey` for further information.
111
111
>
112
-
> If the signed JWTs are used as online strategy, ensure that the identifier of the related realm key (`kid`) is included in their header.
112
+
> If the signed JWTs are used as online strategy, ensure that the identifier of the related realm key is included in their header as `kid`.
113
113
>
114
114
> | Strategy | Online | Option |
115
115
> |:------------|:------:|:------------|
116
116
> | ID + Secret | x |`secret`|
117
117
> | Signed JWT | x ||
118
118
> | Signed JWT ||`publicKey`|
119
119
120
-
-`realmUrl {string}`: The absolute uri of the Keycloak realm.<br/>
120
+
-`realmUrl {string}` – The absolute uri of the Keycloak realm.<br/>
-`clientId {string}` The identifier of the Keycloak client/application.<br/>
123
+
-`clientId {string}`– The identifier of the Keycloak client/application.<br/>
124
124
Required. Example: `foobar`<br/>
125
125
126
-
-`secret {string}` The related secret of the Keycloak client/application.<br/>
126
+
-`secret {string}`– The related secret of the Keycloak client/application.<br/>
127
127
Defining this option enables the traditional method described in the OAuth2 specification. To perform an almost offline validation enable the cache — a simple offline verfication with symmetric keys is not provided for security reasons.<br/>
128
128
Optional. Example: `1234-bar-4321-foo`<br/>
129
129
130
-
-`publicKey {string}` The related public key of the Keycloak client/application.<br/>
130
+
-`publicKey {string}`– The related public key of the Keycloak client/application.<br/>
131
131
Defining this option enables the offline validation using signed JWTs. The public key has to be in [PEM][pem] or [JWK][jwk] format. If you define neither `secret` nor `public` key, the plugin assumes that a signed JWT has to be validated – it retrieves the public key itself from `{realmUrl}/protocol/openid-connect/certs`. The offline strategy its performance is higher but the online strategy is the most flexible one.<br/>
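Review bot: The `publicKey` description at the end of this hunk still reads "If you define neither `secret` nor `public` key", which names an option that is not in the list. Since the commit is already reworking these option lines, change it to `publicKey` so it is unambiguous which two options must be absent for the plugin to fetch the key from `{realmUrl}/protocol/openid-connect/certs`. In the same pass, make the new separator consistent (the added `realmUrl` line has a space before the en dash, the added `clientId`, `secret` and `publicKey` lines do not) and fix the untouched wording nearby: "verfication" in the `secret` description and "The offline strategy its performance is higher" in the `publicKey` description.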