[keycloak-user] JWT signature verification failure
Richard.Rattigan at sonos.com
Tue Nov 11 19:50:40 EST 2014
I'm trying to verify keycloak jwt signatures in a Java/Groovy, but I'm not succeeding. I'm new to crypto, so maybe I'm doing something stupid.
This is Groovy code. realmPublicKey is the publicKey string from the realm REST response. I'm using the jjwt library to parse the tokens, but I get the same result (signature verification failure) with the nimbus library:
def publicKey = KeyFactory
def claims = Jwts.parser().setSigningKey(publicKey).parse(accessToken)
I get an exception during the parse:
io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
Is anyone able to see what I'm doing wrong here?
Sonos | Sr. Software Engineer | Skype: Richard.RattiganSonos
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-user