[keycloak-user] Validating keycloak access tokens

Stian Thorgersen sthorger at redhat.com
Mon Sep 21 02:29:43 EDT 2015

jwt.io is a bit sensitive you need to select rs256 and paste in the realm
public key before passing in the token.

Are you actually using both 1.0.4 and 1.4.0? If so it's quite likely that's
the reason why the token is failing. The recommended way of verifying the
token would be to use the adapters like what you're already doing in your
REST service.

On 19 September 2015 at 10:56, Nicholaos Petalidis <nikos at petalidis.gr>

> Hi,
> I would like to ask what is the recommended way for validating a token I
> received from a keycloak server.
> Specifically, I have the following.
> 1. A keycloak server running v. 1.0.4Final.
> 2. A javascript client using the js adapter provided for 1.0.4Final
> 3. REST services on  a wildfly server using 1.4.0 adapter for wildfly 9.
> I use the JS adapter to receive a token from keycloak server.
> The token seems to be a JWT, but when it is included in the Authorization
> header for the REST request I make to the REST service that is on wildfly I
> get back an 'invalid signature' response.
> I also fail to verify the token if I enter the relevant info on jwt.io
> (token and public key).
> So my question is
> 1. Does the 1.0.4Final version sign the tokens?
> 2. What is the recommended way for the REST service to validate the token
> present on the Authorization/Bearer header  of a REST request?
> Thanks in advance for any answers
> --
> Nikos
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150921/71bad50e/attachment.html 

More information about the keycloak-user mailing list