[keycloak-user] HS256 Shared Secret
Chandrashekhar, Nithin
Nithin.Chandrashekhar at Teradata.com
Mon Sep 23 12:57:32 EDT 2019
Is there any way we can use RSA for signing refresh tokens instead of HS256?
Thanks
Nithin
On 9/23/19, 8:25 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Nick Powers" <keycloak-user-bounces at lists.jboss.org on behalf of sshscp at gmail.com> wrote:
[External Email]
________________________________
I suggest using RSA instead of HS256. With RSA you can confirm the the
authenticity of the JWT by using Keycloak's public key. The url
https://<keycloak-server>/auth/realms/<realm>
contains a json response with the public key.
On Mon, Sep 23, 2019 at 5:02 AM Stian Thorgersen <sthorger at redhat.com>
wrote:
> Keycloak does not support a shared secret at the moment. Tokens signed with
> HS256 can only be verified by Keycloak.
>
> Why are you asking?
>
> On Fri, 20 Sep 2019, 19:30 Sam Lewis, <sam at focus21.io> wrote:
>
> > How do you retrieve and HS256 shared secret?
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list