<div dir="ltr">Hi,<div><br></div><div>I would like to ask what is the recommended way for validating a token I received from a keycloak server.</div><div><br></div><div>Specifically, I have the following.</div><div><br></div><div>1. A keycloak server running v. 1.0.4Final.</div><div><br></div><div>2. A javascript client using the js adapter provided for 1.0.4Final</div><div><br></div><div>3. REST services on a wildfly server using 1.4.0 adapter for wildfly 9.</div><div><br></div><div>I use the JS adapter to receive a token from keycloak server.</div><div><br></div><div>The token seems to be a JWT, but when it is included in the Authorization header for the REST request I make to the REST service that is on wildfly I get back an 'invalid signature' response.</div><div><br></div><div>I also fail to verify the token if I enter the relevant info on <a href="http://jwt.io">jwt.io</a> (token and public key).</div><div><br></div><div>So my question is</div><div>1. Does the 1.0.4Final version sign the tokens?</div><div>2. What is the recommended way for the REST service to validate the token present on the Authorization/Bearer header of a REST request?</div><div><br></div><div>Thanks in advance for any answers</div><div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Nikos<br></div></div>
</div></div>