[keycloak-user] Realm Keys Public Access
Russell Davies
russell at zeroflux.net
Mon Sep 25 17:03:01 EDT 2017
Is there any way to access the realm keys without making an authenticated
request? That is by making a GET request to `/auth/admin/realms/{realm
name}/keys` without an authorization token.
I ask because when I add a new service, that needs to verify a JWT sent to
it, I have to manually authenticate, get the public key and then configure
a JWK from that. It would be easier if I could just tell me service the URL
and it would fetch the public key from the Keycloak API.
The response for the keys doesn't include any private information so I
don't see any issue in regard to security. Or am I missing something, or is
there another way to do this?
More information about the keycloak-user
mailing list