[keycloak-user] Validating JWT tokens

I have a client with a service account and credentials using Signed Jwt. Authentication works fine. The service uses org.keycloak.adapters.authentication.ClientCredentialsProviderUtils#setClientCredentials to create the JWT token and set the headers, and I get back a JWT containing an access token from Keycloak. However, when I use jwt.io to look at the access token, I can't validate the signature. This is true whether I use the client Certificate (from the client's Credentials tab), the Realm public key, or the Realm Certificate. In addition, I have generated the client's public key from the certificate using keytool -exportcert -alias x -keypass y -storepass z -rfc -keystore client-keystore.jks | openssl x509 -inform pem -pubkey on the jks file supplied when I generated the client credentials, and that doesn't work either. We've also been having trouble validating the signature programmatically using Java. Any idea why I might be seeing this? -- http://www.fastmail.com - Or how I learned to stop worrying and love email again