*What*
* Implement the function. It should be similar to the Android implementation
* It should have unit tests
* The example app should be updated to allow verifying the implementation

Note: Keycloak is using RSA to sign the JWT tokens so we must use this algorithm when verifying. There doesn't seem to be a library that supports parsing of JWKs so we need to do this ourselves. We can get the public key by making a request to the `jwksUrl` endpoint and using the modulus and exponent of the JWK in the JWKS response. An example of generating the public key using modulus and exponent is described [here|https://stackoverflow.com/questions/29669858/generate-rsa-public-key-from-modulus-and-exponent]

Another option was to contribute upstream to Keycloak to include the `x5c` property in the JWKS endpoint but they have rejected these feature requests before. See -> https://issues.jboss.org/browse/KEYCLOAK-3166