I suggest using RSA instead of HS256. With RSA you can confirm the the
authenticity of the JWT by using Keycloak's public key. The url
https://<keycloak-server>/auth/realms/<realm>
contains a json response with the public key.
On Mon, Sep 23, 2019 at 5:02 AM Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Keycloak does not support a shared secret at the moment. Tokens
signed with
HS256 can only be verified by Keycloak.
Why are you asking?
On Fri, 20 Sep 2019, 19:30 Sam Lewis, <sam(a)focus21.io> wrote:
> How do you retrieve and HS256 shared secret?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user