[keycloak-user] Can decrypt identified HS256 refresh token with RS256 public key with client credentials grant

Stian Thorgersen sthorger at redhat.com
Mon Sep 9 11:01:16 EDT 2019


Refresh tokens are JWS / signed tokens with HS256. You can decode/view the
contents, but won't be able to verify the signature as the keys are not
shared outside Keycloak server.

For the record there's nothing sensitive in the refresh token that is not
already available in ID/access tokens. Further, you should not rely on
information in the refresh token or the format of it as it can change from
release to release.

On Mon, 9 Sep 2019, 13:50 Eric Brown, <someericbrown at gmail.com> wrote:

> Hello,
>
> At first I struggled to understand why pyJWT was raising an error when
> decoding a refresh token issued from keycloak using the client
> credentials grant. The specified error was: "The specified key is an
> asymmetric key or x509 certificate and should not be used as an HMAC
> secret."
>
> I now understand the issue:
> The refresh token identifies itself as being HS256 encrypted in header so
> pyjwt raises an error when I try to decrypt it with keycloak public key.
> The problem is that I am able to decrypt it with the public key when
> bypassing verification with verify=False to pyjwt.decode.
>
> The access tokens received are identified as RS256 and are fine.
>
> Pyjwt behavior with enabled verify is thus correct when preventing decode of
> HS256 tokens with public keys.
>
> The problem now seems to be this:
>
> Shouldn't it be impossible to decrypt the HS256 refresh token with the
> public key at all?
>
> So it might seem that the refresh tokens are incorrectly labelled as HS256
> in header but are truly RS256.
>
> Thanks,
>
> Eric
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
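The following is an added example, written for this page and not code from the thread, from Keycloak or from pyjwt. Using only the Python standard library it reproduces what Stian describes: the header and payload of an HS256 JWS are readable with no key at all (this is all `verify=False` does), verifying the signature needs the HMAC secret that never leaves the Keycloak server, and a verifier that pins the expected algorithm refuses a PEM-encoded public key as an HMAC secret, which is the pyjwt check Eric ran into. The secret, the PEM stand-in and the claims are constructed values, not real Keycloak material; the function names are this example's own.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for Keycloak's server-side HS256 key. The real key is
# never published, so this value is an assumption made for the demonstration.
SERVER_HMAC_SECRET = b"example-keycloak-internal-hs256-secret"

# Constructed stand-in for the realm's RS256 public key. It is not a real key;
# it only needs to look like PEM to exercise the key-type check below.
REALM_RSA_PUBLIC_KEY_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...\n"
    "-----END PUBLIC KEY-----\n"
)


class InvalidKeyError(ValueError):
    """Raised when an asymmetric key is offered as an HMAC secret."""


def b64url_encode(data: bytes) -> str:
    # JWS uses unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWS strips before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWS the way a server holding the secret would."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def peek(token: str) -> tuple[dict, dict]:
    """Read header and payload without any key: base64 decoding, not decryption."""
    header_b64, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_hs256(token: str, key, expected_alg: str = "HS256") -> dict:
    """Verify an HS256 JWS with a pinned algorithm and a key-type check."""
    if isinstance(key, str):
        key = key.encode()
    # Never feed a public key or certificate into HMAC: anyone who can read the
    # public key could then forge tokens that such a verifier would accept.
    if b"-----BEGIN" in key:
        raise InvalidKeyError(
            "asymmetric key or x509 certificate must not be used as an HMAC secret"
        )
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm instead of trusting whatever the header says.
    if header.get("alg") != expected_alg:
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not verify")
    return json.loads(b64url_decode(payload_b64))


def verification_outcome(token: str, key) -> str:
    """Summarise verify_hs256 as a short status string."""
    try:
        verify_hs256(token, key)
        return "ok"
    except InvalidKeyError:
        return "invalid_key"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    # Constructed claims modelled on a client-credentials refresh token.
    refresh = sign_hs256({"typ": "Refresh", "sub": "service-account", "azp": "my-client"},
                         SERVER_HMAC_SECRET)
    header, claims = peek(refresh)
    print("header:", header)            # alg is HS256, readable without a key
    print("claims:", claims)            # payload is readable without a key too
    print("realm public key:", verification_outcome(refresh, REALM_RSA_PUBLIC_KEY_PEM))
    print("wrong secret:", verification_outcome(refresh, b"guess"))
    print("server secret:", verification_outcome(refresh, SERVER_HMAC_SECRET))
```

Running it shows the three outcomes a client can observe: the contents decode regardless of key, the realm's public key is refused outright rather than tried as an HMAC secret, and only the server-side secret verifies. That is why a client should treat the refresh token as an opaque string and leave its validation to Keycloak.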

