[keycloak-user] Getting a realm public key without credentials

Jean-Baptiste Fouet jbf.nospam at gmail.com
Wed Jun 20 03:36:26 EDT 2018


Thanks, that's what I was looking for.
JB

2018-06-19 17:40 GMT+02:00 Sebastien Blanc <sblanc at redhat.com>:

> /auth/realms/{my_realm}/.well-known/openid-configuration will give you a
> list of OpenID endpoints; there you can find `jwks_uri`, and it looks like it
> is what you are looking for:
> http://localhost:8080/auth/realms/{my_realm}/protocol/openid-connect/certs
>
> On Tue, Jun 19, 2018 at 5:01 PM, Jean-Baptiste Fouet <jbf.nospam at gmail.com> wrote:
>
>> Hi, we are trying to integrate Keycloak in our system, and in order to
>> check the generated access token, we need a realm public key. We would like
>> to avoid configuring credentials on all endpoints needing to check a JWT
>> token, so it would be great to be able to get the Keycloak key without any
>> credentials.
>>
>> I did find the endpoint
>>
>> http://localhost:8080/auth/realms/{realm}
>>
>> which gives the following JSON, without auth:
>>
>> {"realm":{realm},"public_key":"xx","token-service":"http://localhost:8080/auth/realms/{realm}/protocol/openid-connect","account-service":"http://localhost:8080/auth/realms/{realm}/account","tokens-not-before":0}
>>
>> Unfortunately, there is no key ID here, so I can't handle several JWT
>> providers or even a single Keycloak with key rotation.
>>
>> Now, I found a more detailed key interface under
>>
>> http://localhost:8080/auth/admin/realms/{realms}/keys, returning for
>> each key the status, type (algorithm), and the key ID.
>>
>> But I need credentials to access this interface, even though it's only
>> public data (HMAC & AES keys are NOT provided).
>>
>> I accessed it with the Keycloak master admin. I do not want to spread
>> his credentials everywhere, but I would be OK if I could create a
>> user with limited rights to access only that.
>>
>> Any suggestions on how to proceed? Is there another endpoint to get
>> this full info?
>> The doc doesn't clearly state the roles needed to access
>>
>> auth/admin/realms/{realms}/keys
>>
>> Thank you
>>
>>  JB
>
>
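Added example, not part of the thread or of Keycloak's code: how a verifier can use the key set served at `jwks_uri` to pick the right public key by `kid`, which is what makes key rotation workable without credentials. The sample key set is constructed (placeholder `kid` and `n` values), the pinned algorithm list is an assumption, and the signature check itself is left to a JWT library.

```python
import base64
import json

# Constructed sample of a jwks_uri response (RFC 7517 JWK Set) during a key
# rotation; the kid and n values are placeholders, not real key material.
SAMPLE_JWKS = {"keys": [
    {"kid": "old-key", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "b2xk", "e": "AQAB"},
    {"kid": "new-key", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "bmV3", "e": "AQAB"},
    {"kid": "enc-key", "kty": "RSA", "alg": "RSA-OAEP", "use": "enc", "n": "ZW5j", "e": "AQAB"},
]}
ALLOWED_ALGS = {"RS256"}  # assumption: the verifier pins the algorithms it accepts


class KeySelectionError(Exception):
    pass


def jwt_header(token):
    """Decode the unverified JOSE header; it is only used to locate the key."""
    parts = token.split(".")
    if len(parts) != 3:
        raise KeySelectionError("not a compact JWS")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:
        raise KeySelectionError("unreadable header") from exc
    if not isinstance(header, dict):
        raise KeySelectionError("header is not a JSON object")
    return header


def select_jwk(token, jwks):
    """Return the JWK that must verify this token, or raise KeySelectionError."""
    header = jwt_header(token)
    alg, kid = header.get("alg"), header.get("kid")
    if alg not in ALLOWED_ALGS:  # rejects "none" and anything not pinned
        raise KeySelectionError(f"algorithm {alg!r} not allowed")
    for jwk in jwks.get("keys", []):
        if kid and jwk.get("kid") == kid:
            if (jwk.get("kty"), jwk.get("use"), jwk.get("alg")) != ("RSA", "sig", alg):
                raise KeySelectionError("kid matches a key not meant for this signature")
            return jwk
    raise KeySelectionError("unknown kid: refetch jwks_uri once, then reject")


def make_token(header):
    """Build a constructed demo token; the signature part is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'demo'})}.c2ln"
```

Refetching the key set once on an unknown `kid` picks up a newly rotated key without letting arbitrary tokens trigger unlimited requests to the server.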

