Add support for client-secret beside client-id about cypress-keycloak-commands HOT 11 OPEN

Sorry for Hijacking this issue but it didn't seem to make sense to create a new issue. In my project I did get an error about a client_secret. I've added it to a PR here #15

I've also ran the test of this project agains Keycloak 9 and 10

from cypress-keycloak-commands.

@Fredx87 Any ETA on this issue and the PR? Would love to use this soon. Otherwise I might have to resort to using my own fork but I don't really want to publish it myself if the PR could get merged

from cypress-keycloak-commands.

I tried installing the patch using
npm install 'github:Shuyinsama/cypress-keycloak-commands#feature/add-client-secret-to-kclogin-command'
but node_modules/cypress-keycloak-commands/ is missing some files. The directory only contains:
index.d.ts LICENSE package.json README.md
and is missing the dist directory with the files
utils.js kc-logout.js kc-login.js kc-fake-login.js index.js
Also, cypress gives me the error:
Error: Can't walk dependency graph: Cannot find module 'cypress-keycloak-commands' from '/.../cypress/support'
required by /.../cypress/support/commands.js

from cypress-keycloak-commands.

@RoadRunner- Could you create a pull request, so that there's a chance to get this feature. I also need this fix and have to patch manually :-(

I've also seen a fork where this patch seems to be integrated: https://github.com/maknifirasing/cypress-keycloak-commands

from cypress-keycloak-commands.

Thank you for the PR, I will review it asap.

Anyway, I don't get what is the use case of passing the client secret in the "emulated" login of this plugin. The client used by the web application under test (and therefore by this plugin) should be a public client without secret, for security reasons. Quote from the keycloak documentation:

One important thing to note about using client-side applications is that the client has to be a public client as there is no secure way to store client credentials in a client-side application. This makes it very important to make sure the redirect URIs you have configured for the client are correct and as specific as possible.

from cypress-keycloak-commands.

Hi @Fredx87. In my case I need to set the secret because my backend communicates with keycloak. My frontend does not know about keycloak and is only secured by a spring boot application. There it's recommended to use a client secret.

Great to see the functionality added! 👍

from cypress-keycloak-commands.

@Fredx87 Thank you for your reply.

I will await your review and will work with you to adhere your guidelines so we can try and get this merged.

As @awallat mentions above me, our use case is also actually a spring boot application where the client_secret is recommended. Our frontend does not know of any Keycloak instance

from cypress-keycloak-commands.

Hello, I am also affected.

from cypress-keycloak-commands.

I'm having the same problem @RubenGarcia is having.
FFS guys, approve this!

from cypress-keycloak-commands.

Same for me, that s also blocking point for us

from cypress-keycloak-commands.

@RubenGarcia @KarmaCop213 & @smetsboris installing it that way doesn’t cut it, take a look at this article: https://dev.to/dannyaziz97/how-the-hell-do-i-use-my-forked-npm-package-4pei

TL;DR
Add this to you package.json

"scripts": {
    ...
    "postinstall": "cd ./node_modules/cypress-keycloak-commands && npm install && npm run build"
}

from cypress-keycloak-commands.