/auth/realms/{my_realm}/.well-known/openid-configuration will give you a
list of OpenID endpoints. There you can find `jwks_uri`, and it looks like
that is what you are looking for.
On Tue, Jun 19, 2018 at 5:01 PM, Jean-Baptiste Fouet <jbf.nospam(a)gmail.com>
wrote:
Hi, we are trying to integrate Keycloak in our system, and in order to
check the generated access token, we need a realm public key. We would like
to avoid configuring credentials on all endpoints needing to check a JWT
token, so it would be great to be able to get the Keycloak key without any
credentials.
I did find the endpoint
http://localhost:8080/auth/realms/{realm}
<http://%7b%7bkchost%7d%7d:8080/auth/realms/ISEP/>
which gives the following JSON, without auth:
{"realm":{realm},"public_key":"xx","token-service":"http://localhost:8080/auth/realms/{realm}/protocol/openid-connect","account-service":"http://localhost:8080/auth/realms/{realm}/account","tokens-not-before":0}
Unfortunately, there is no key ID here, so I can't handle several JWT
providers or even a single Keycloak with key rotation.
Now, I found a more detailed key interface under
http://localhost:8080/auth/admin/realms/{realms}/keys, returning for
each key the status, type (algorithm), and the key ID.
But I need credentials to access this interface, even though it's only
public data (HMAC & AES keys are NOT provided).
I accessed it with the Keycloak master admin. I do not want to spread
its credentials everywhere, but I would be OK if I could create a
user with limited rights to access only that.
Any suggestions on how to proceed? Is there another endpoint to get
this full info?
The doc doesn't clearly state the roles needed to access
auth/admin/realms/{realms}/keys
Thank you
JB
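An added example, not part of the original thread and not Keycloak's own code: one way a resource server could use the unauthenticated `jwks_uri` document to pick the verification key by `kid`, covering key rotation without admin credentials. The class name, the rate-limit value and the `RS256` allowlist are assumptions. The actual `jwks_uri` value should be read from the discovery document mentioned in the reply.

```python
import base64, json, time
import urllib.request

def fetch_jwks(jwks_uri):
    """Download the JWKS document; the endpoint needs no credentials."""
    with urllib.request.urlopen(jwks_uri, timeout=5) as resp:
        return json.load(resp)

def jwt_header(token):
    """Decode the (still unverified) JWT header to read `kid` and `alg`."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

class JwksKeyResolver:
    """Maps a token's `kid` to a public JWK, refetching on unknown kids (rotation)."""

    def __init__(self, jwks_uri, fetch=fetch_jwks, min_refresh_s=60,
                 allowed_algs=("RS256",)):
        self.jwks_uri, self.fetch = jwks_uri, fetch
        self.min_refresh_s, self.allowed_algs = min_refresh_s, allowed_algs
        self.keys, self.last_fetch = {}, None

    def _refresh(self):
        # Rate-limit refetches so tokens with random kids cannot flood the IdP.
        now = time.monotonic()
        if self.last_fetch is not None and now - self.last_fetch < self.min_refresh_s:
            return
        self.last_fetch = now
        self.keys = {k["kid"]: k for k in self.fetch(self.jwks_uri)["keys"]
                     if k.get("use", "sig") == "sig" and "kid" in k}

    def key_for(self, token):
        header = jwt_header(token)
        alg, kid = header.get("alg"), header.get("kid")
        # Pin the algorithm to an allowlist; "none" and HMAC algs are rejected.
        if alg not in self.allowed_algs:
            raise ValueError(f"algorithm {alg!r} not allowed")
        if kid not in self.keys:
            self._refresh()
        jwk = self.keys.get(kid)
        if jwk is None:
            raise KeyError(f"unknown kid {kid!r}")
        if jwk.get("alg", alg) != alg:
            raise ValueError("token alg does not match key alg")
        return jwk  # pass this JWK to a JWT library for signature verification
```

The resolver only selects the key. Signature, `iss`, `aud` and expiry checks still have to be done by the JWT library that receives the returned JWK.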