1

I am wondering if Keycloak direct grant flow is secured ? I would definitely prefer login users from pages of my Angular web application and if I understand properly, to do so I have to use the Keycloak direct grant flow.

But, this grant flow is used with grant_type OAuth parameter set to password and it seems that OAuth password grant flow is about to be deprecated with OAuth 2.1. Is it secure to use it within Keycloak ? Or should I consider it deprecated ?

mlbiche
  • 67
  • 2
  • 9
  • 4
    I would recommend to read https://www.scottbrady91.com/OAuth/Why-the-Resource-Owner-Password-Credentials-Grant-Type-is-not-Authentication-nor-Suitable-for-Modern-Applications – Jan Garaj Oct 19 '20 at 19:17
  • 1
    Cheers ! Definitely good reading – mlbiche Oct 20 '20 at 07:57

0 Answers0