HS* signing algorithms cannot be verified by the client today as it is not
using a shared secret, rather a secret only Keycloak knows. You need to
pick a different algorithm or use the token introspection endpoint.

On Tue, 2 Oct 2018, 22:21 Wyllys Ingersoll, <wyllys.ingersoll(a)keepertech.com> wrote:

I'm trying to verify a JWT access token from Keycloak using the python
jose-jwt library, but cannot seem to get it to succeed. When using the
HS512 algorithm, how does one retrieve the key needed to verify the JWT
tokens?

The JWT header decodes to something like this:
{"alg":"HS512","typ" : "JWT","kid" : "eb31076b-bce6-495a-9a4b-e3210e14b342"}, but
I don't see how to get the key associated with the given kid value above.

I tried using the "client secret" from the credential section, but that's
not working.

What am I missing?

thanks!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
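
The two options given in the reply, sketched as an added example that is not part of the original thread or Keycloak's own code: the client reads the unverified header only to choose a verification path, and for HS* tokens builds an RFC 7662 introspection request instead of trying to find a key. The host name, realm `demo`, client credentials and sample tokens are constructed assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed host and realm; substitute the values of your own Keycloak deployment.
INTROSPECT_URL = ("https://keycloak.example.com/auth/realms/demo"
                  "/protocol/openid-connect/token/introspect")


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def verification_path(token: str) -> str:
    """Read the unverified header only to decide how the token must be checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    alg = json.loads(b64url_decode(parts[0])).get("alg", "")
    if alg.startswith("HS"):
        return "introspect"  # HMAC key is known only to Keycloak
    if alg[:2] in ("RS", "ES", "PS"):
        return "local"       # verify against the realm's published public key
    raise ValueError(f"refusing token with alg={alg!r}")  # e.g. "none"


def introspection_request(token, client_id, client_secret):
    """Build the RFC 7662 POST; the client authenticates with HTTP Basic."""
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(INTROSPECT_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def claims_if_active(response_body: bytes) -> dict:
    """Accept the token only when the server reports active == true."""
    claims = json.loads(response_body)
    if claims.get("active") is not True:
        raise PermissionError("token is not active")
    return claims


def make_sample(header: dict) -> str:
    """Constructed sample token: given header, placeholder payload and signature."""
    segs = [json.dumps(header).encode(), b'{"sub":"demo"}', b"sig"]
    return ".".join(base64.urlsafe_b64encode(s).rstrip(b"=").decode() for s in segs)
```

Send the request with `urllib.request.urlopen()` over TLS and pass the response body to `claims_if_active()`; the client secret here authenticates the client to the endpoint and is not a JWT verification key.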