[keycloak-user] Validating keycloak access tokens

Nicholaos Petalidis nikos at petalidis.gr
Sat Sep 19 04:56:14 EDT 2015


I would like to ask what is the recommended way for validating a token I
received from a keycloak server.

Specifically, I have the following.

1. A keycloak server running v. 1.0.4Final.

2. A JavaScript client using the JS adapter provided for 1.0.4Final.

3. REST services on a WildFly server using the 1.4.0 adapter for WildFly 9.

I use the JS adapter to receive a token from keycloak server.

The token seems to be a JWT, but when it is included in the Authorization
header for the REST request I make to the REST service that is on wildfly I
get back an 'invalid signature' response.

I also fail to verify the token if I enter the relevant info on jwt.io
(token and public key).

So my questions are:
1. Does the 1.0.4Final version sign the tokens?
2. What is the recommended way for the REST service to validate the token
present on the Authorization/Bearer header of a REST request?

Thanks in advance for any answers.
