<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>I’m trying to verify Keycloak JWT signatures in Java/Groovy, but I’m not succeeding. I’m new to crypto, so maybe I’m doing something stupid.</div>
<div><br>
</div>
<div>This is Groovy code. realmPublicKey is the publicKey string from the realm REST response. I’m using the jjwt library to parse the tokens, but I get the same result (signature verification failure) with the nimbus library:</div>
<div><br>
</div>
<div>
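<div>import io.jsonwebtoken.Jwts</div>
<div>import java.security.KeyFactory</div>
<div>import java.security.Security</div>
<div>import java.security.spec.X509EncodedKeySpec</div>
<div>import org.bouncycastle.jce.provider.BouncyCastleProvider</div>
<div>Security.addProvider(new BouncyCastleProvider())</div>
<div>def publicKey = KeyFactory</div>
<div>&nbsp;&nbsp;&nbsp;&nbsp;.getInstance("RSA", "BC")</div>
<div>&nbsp;&nbsp;&nbsp;&nbsp;.generatePublic(new X509EncodedKeySpec(realmPublicKey.decodeBase64()))</div>
<div>def claims = Jwts.parser().setSigningKey(publicKey).parse(accessToken)</div>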
</div>
<div><br>
</div>
<div>I get an exception during the parse:</div>
<div><br>
</div>
<div>
<div>io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.</div>
</div>
<div><br>
</div>
<div>Is anyone able to see what I’m doing wrong here?</div>
<div><br>
</div>
<div>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;">
<b><span style="font-family: 'Arial Narrow', sans-serif; color: rgb(31, 73, 125);">Richard Rattigan</span></b></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;">
<span style="font-size: 11pt; font-family: 'Arial Narrow', sans-serif; color: rgb(31, 73, 125);">Sonos | Sr. Software Engineer | Skype: Richard.RattiganSonos</span></p>
</div>
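<div><br>
</div>
<div>Added example, not part of the original message: an RS256 signature check done by hand with only JDK classes, so the key material can be tested independently of the JWT library. The helper names loadRsaPublicKey and verifyRs256 are hypothetical, and the key pairs and token are constructed in the script rather than taken from a Keycloak realm.</div>

```groovy
import groovy.json.JsonSlurper
import java.nio.charset.StandardCharsets
import java.security.*
import java.security.spec.X509EncodedKeySpec

// Rebuild an RSA public key from the base64 text of its X.509
// SubjectPublicKeyInfo encoding (the form X509EncodedKeySpec expects).
PublicKey loadRsaPublicKey(String base64Der) {
    byte[] der = Base64.getDecoder().decode(base64Der)
    return KeyFactory.getInstance('RSA').generatePublic(new X509EncodedKeySpec(der))
}

// Verify an RS256 compact JWS by hand. The signed bytes are the ASCII of
// "header.payload" exactly as transmitted; the signature part is base64url.
boolean verifyRs256(String token, PublicKey key) {
    String[] parts = token.split('\\.')
    if (parts.length != 3) return false
    try {
        String headerJson = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8)
        // Pin the algorithm; the token must not be allowed to choose it.
        if (new JsonSlurper().parseText(headerJson).alg != 'RS256') return false
        Signature verifier = Signature.getInstance('SHA256withRSA')
        verifier.initVerify(key)
        verifier.update((parts[0] + '.' + parts[1]).getBytes(StandardCharsets.US_ASCII))
        return verifier.verify(Base64.getUrlDecoder().decode(parts[2]))
    } catch (GeneralSecurityException | IllegalArgumentException ignored) {
        return false   // bad base64url, bad key or malformed signature
    }
}

// Constructed sample: throwaway key pairs and a token signed here.
def b64url = { byte[] b -> Base64.getUrlEncoder().withoutPadding().encodeToString(b) }
def generator = KeyPairGenerator.getInstance('RSA')
generator.initialize(2048)
def realmPair = generator.generateKeyPair()
def otherPair = generator.generateKeyPair()
String signingInput = b64url('{"alg":"RS256","typ":"JWT"}'.getBytes(StandardCharsets.UTF_8)) +
        '.' + b64url('{"sub":"constructed-user"}'.getBytes(StandardCharsets.UTF_8))
def signer = Signature.getInstance('SHA256withRSA')
signer.initSign(realmPair.getPrivate())
signer.update(signingInput.getBytes(StandardCharsets.US_ASCII))
String token = signingInput + '.' + b64url(signer.sign())

// The matching key verifies; a different, equally well-formed key does not.
String realmPublicKey = Base64.getEncoder().encodeToString(realmPair.getPublic().getEncoded())
String wrongPublicKey = Base64.getEncoder().encodeToString(otherPair.getPublic().getEncoded())
assert verifyRs256(token, loadRsaPublicKey(realmPublicKey))
assert !verifyRs256(token, loadRsaPublicKey(wrongPublicKey))
```

<div>A key that parses cleanly but belongs to a different key pair is rejected at the verify step, not at key loading.</div>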
</body>
</html>