[keycloak-user] Using JSON Web Token Debugger with Keycloak generated tokens

Stian Thorgersen stian at redhat.com
Wed May 27 03:42:24 EDT 2015 

Works fine here. Keycloak uses RS256.

To get jwt.io to work you need to copy/paste the realm public key. Go to Keycloak admin console and select the realm. Click on Settings -> Keys. Copy the value of "Public Key". 

Next open http://jwt.io/. Select RS256. In the text-area that starts with "RSASHA256" (bottom/right textarea) delete everything between "-----BEGIN PUBLIC KEY-----" and "-----END PUBLIC KEY-----" and paste the public key from the Keycloak admin console. Make sure you keep those lines, otherwise it won't work.

Once you've done this generate an access_token and paste it into the "ENCODED" textarea.

----- Original Message -----
> From: "pubudu gunawardena" <pubudupg at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 27 May, 2015 8:51:29 AM
> Subject: [keycloak-user] Using JSON Web Token Debugger with Keycloak	generated tokens
> 
> Hi All,
> 
> I am trying to consume the Direct Access Grant API using a PHP client.
> I tried to inspect the tokens using the tool at http://jwt.io/, but
> the tool always says "Invalid Signature". What I would like to know is
> does Keycloak use a different algorithm to sign the response?
> Otherwise why does the on-line tool complain that the signature is
> invalid?
> 
> Following is a sample response I got from Keycloak.
> 
> {"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5Y2Y5YzUwYy1hNGFmLTRmMWQtOWE1NC0wZTEzYjYzYTVjOTAiLCJleHAiOjE0MzI3MDkyNjYsIm5iZiI6MCwiaWF0IjoxNDMyNzA4OTY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcXYyIiwiYXVkIjoicXYyLXJlc3QiLCJzdWIiOiI1MjYxMGUyNS1kMDhmLTQ3MmEtYWU1ZC1jOThhNmU2MmI4ZDMiLCJhenAiOiJxdjItcmVzdCIsInNlc3Npb25fc3RhdGUiOiIyMzQ1ZmY0Mi1lYTQ1LTRhNjEtYWIxYi0yNWQxY2VjZmY3MjIiLCJjbGllbnRfc2Vzc2lvbiI6ImYxYzU1MzZmLWYwZmUtNDUwNy1iZjQyLWU0MzU0MDVhNGIyYiIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbInZpZXctcHJvZmlsZSIsIm1hbmFnZS1hY2NvdW50Il19fSwiZW1haWwiOiJwdWJ1ZHVAc29tZXdoZXJlLmNvbSIsIm5hbWUiOiJQdWJ1ZHUgR3VuYXdhcmRlbmEiLCJmYW1pbHlfbmFtZSI6Ikd1bmF3YXJkZW5hIiwicHJlZmVycmVkX3VzZXJuYW1lIjoicHVidWR1IiwiZ2l2ZW5fbmFtZSI6IlB1YnVkdSJ9.a5MRV5lfzjDd0VftEigxr-VXJ7vxohUZj5bpMDvZ7opHaM-FccNVtIUrNDgW2rXCZJAI1B0tUAlJlngrIFghJxoQANnpCJxzqjlkbV-gh1j7CaQSWX0-KA9OZPSvhyhRhs4MzsCxirBwEhmWcyuaDECp0UjfEP22LhnXf3mSpmMJ7HfyikClcWfW_ykEb7fwOnFe5jk9thSqaQ!
>  KWroFksBWT0_fAZuGdkfyG6rBCFHRCnQm31vn6I5SwZOpAx1YatAbK85Sc3tAcitpFnd8twFr0aC95Fbcghb_TbrivJrL0J5qN77f-9DQKJ_fy1FHljTxYwfbIyx1HQwvyq1HOFQ","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0NjJmYzNmNS1kMjRkLTQ1MTItOWY3My00NzllZGQ4NTBhNzAiLCJleHAiOjE0MzI3MTA3NjYsIm5iZiI6MCwiaWF0IjoxNDMyNzA4OTY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcXYyIiwic3ViIjoiNTI2MTBlMjUtZDA4Zi00NzJhLWFlNWQtYzk4YTZlNjJiOGQzIiwidHlwIjoiUkVGUkVTSCIsImF6cCI6InF2Mi1yZXN0Iiwic2Vzc2lvbl9zdGF0ZSI6IjIzNDVmZjQyLWVhNDUtNGE2MS1hYjFiLTI1ZDFjZWNmZjcyMiIsImNsaWVudF9zZXNzaW9uIjoiZjFjNTUzNmYtZjBmZS00NTA3LWJmNDItZTQzNTQwNWE0YjJiIiwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsidmlldy1wcm9maWxlIiwibWFuYWdlLWFjY291bnQiXX19fQ.X_aBtZzKHPCsRqo9ShOxtsQgTZOYaVNEZDmfvfWSxCafE6kpC5yIcz9xFW2CfYo2ttm5i3GMb-aho-nyU3IEmhZkZ-DjHjxCLHO_Vlt5MBKtVF9L7-v5qWRP4va5rLUa8O1JshjRP1yW1r7SvLafqE8jLYvn3vknPhYp1ts3EhcmckIHiXS5dW_tO4XxBx7tE0kSWlUoCe_10IqqW6uRKXFuwfRWLd2KDUIIth4g2YoUrw!
>  FyQBxt2qcdjm4MQPVF0-JpNxWZN3VwbOcpKLG0gSsGppvmhuJI0eRujJzbAlxL!
>  3fY9682U
> ZLE9JTzzX4gRTaxL5VZGau6Q0iIfzh_U1A","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI3ZWM1MTdhOS1hZjg2LTRiMDEtYjUyZi1lNjExOWMwYjBhZTciLCJleHAiOjE0MzI3MDkyNjYsIm5iZiI6MCwiaWF0IjoxNDMyNzA4OTY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcXYyIiwiYXVkIjoicXYyLXJlc3QiLCJzdWIiOiI1MjYxMGUyNS1kMDhmLTQ3MmEtYWU1ZC1jOThhNmU2MmI4ZDMiLCJhenAiOiJxdjItcmVzdCIsInNlc3Npb25fc3RhdGUiOiIyMzQ1ZmY0Mi1lYTQ1LTRhNjEtYWIxYi0yNWQxY2VjZmY3MjIiLCJlbWFpbCI6InB1YnVkdUBzb21ld2hlcmUuY29tIiwibmFtZSI6IlB1YnVkdSBHdW5hd2FyZGVuYSIsImZhbWlseV9uYW1lIjoiR3VuYXdhcmRlbmEiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJwdWJ1ZHUiLCJnaXZlbl9uYW1lIjoiUHVidWR1In0.C5REGCEQyaWmkhbc0DrWW74m0bbeM2cKWcKJvlkvz17VZPh9sZ1eaiXdRD9pGZ1iACGPLpoCYrMkcrF5FbIX7ng7NggVbf2VEdNCeDUgZ8oDRSJlKyqeGdYWnKsi6dpwrmcPZW9BffWcqkzJv1BUbSII2tejjnB4BWz7bCvesF3ge_KKwkfy-COk8RGx_G4oxp21Ik1pQbVoiqifRQALuK252NKuuV-sXI4dd4ltj0TOca9DKNHlHMyCoRVwDVRsqMMWGfWXpqwacEh35wp8r3VDgQ00vcOnEfiraadwoPYnIsjPK5ZnfSFZlBxyDTNP76tXX1Jd5AHMUPyvOC1YhA","not-befor!
>  e-policy":0,"session-state":"2345ff42-ea45-4a61-ab1b-25d1cecff722"}
> 
> --
> Thanks,
> Pubudu
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list