[keycloak-user] Public key for verifying JWT?
Stian Thorgersen
sthorger at redhat.com
Wed Oct 3 01:30:21 EDT 2018
HS* signing algorithms cannot be verified by the client today as it is not
using a shared secret, rather a secret only Keycloak knows. You need to
pick a different algorithm or use the token introspection endpoint.
On Tue, 2 Oct 2018, 22:21 Wyllys Ingersoll, <wyllys.ingersoll at keepertech.com>
wrote:
> I'm trying to verify a JWT access token from Keycloak using the python
> jose-jwt library, but cannot seem to get it to succeed. When using the
> HS512 algorithm, how does one retrieve the key needed to verify the JWT
> tokens?
>
> The JWT header decodes to something like this: {"alg":"HS512","typ" :
> "JWT","kid" : "eb31076b-bce6-495a-9a4b-e3210e14b342"}, but I don't see how
> to get the key associated with the given kid value above.
>
> I tried using the "client secret" from the credential section, but that's
> not working.
>
> What am I missing?
>
> thanks!
>
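The point made in the reply above, as an added example that is not part of the original thread or Keycloak's own code: an HS512 token signed with a key only the server holds does not verify with the client secret, so the client builds a token introspection request instead. The helper names, base URL, realm, client id and both keys are constructed assumptions; the endpoint path follows Keycloak's OpenID Connect URL layout.

```python
import base64, hashlib, hmac, json, urllib.parse, urllib.request

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs512(header, claims, key: bytes) -> str:
    """Make a sample HS512 JWT (stands in for the server side)."""
    parts = [b64url(json.dumps(p).encode()) for p in (header, claims)]
    mac = hmac.new(key, ".".join(parts).encode(), hashlib.sha512).digest()
    return ".".join(parts + [b64url(mac)])

def verify_hs512(token: str, key: bytes) -> bool:
    """True only if `key` is the exact key the token was signed with."""
    signing_input, _, sig = token.rpartition(".")
    mac = hmac.new(key, signing_input.encode(), hashlib.sha512).digest()
    return hmac.compare_digest(mac, b64url_decode(sig))

def can_verify_locally(token: str) -> bool:
    """Only asymmetric algorithms can be checked with a published public key."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    return header.get("alg", "")[:2] in ("RS", "ES", "PS")

def introspection_request(base_url, realm, client_id, client_secret, token):
    """Build (not send) an RFC 7662 introspection POST for a confidential client."""
    url = f"{base_url}/realms/{realm}/protocol/openid-connect/token/introspect"
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        url, data=urllib.parse.urlencode({"token": token}).encode(), method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})

def is_active(response_body: bytes) -> bool:
    """Trust the token only when the server explicitly reports active=true."""
    return json.loads(response_body).get("active") is True

# Constructed sample values; none come from a real realm.
REALM_KEY = b"constructed-key-held-only-by-the-server"
CLIENT_SECRET = "constructed-client-secret"
TOKEN = sign_hs512({"alg": "HS512", "typ": "JWT"}, {"sub": "alice"}, REALM_KEY)

if __name__ == "__main__":
    print("client secret verifies:", verify_hs512(TOKEN, CLIENT_SECRET.encode()))
    print("local verification possible:", can_verify_locally(TOKEN))
    req = introspection_request("https://sso.example.test/auth", "demo",
                                "my-client", CLIENT_SECRET, TOKEN)
    print(req.get_method(), req.full_url)
```

Send the built request with `urllib.request.urlopen` over TLS and pass the response body to `is_active`; treat anything other than an explicit `"active": true` as a rejected token.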