Our adapters check the validity of the token by checking the signature (using the realm public key) and also checks the expiration times of the token as well.

On 1 December 2015 at 14:49, Pavel Maslov <pavel.masloff@gmail.com> wrote:

Hi everyone,

How does a Java service (secured with Keycloak) checks the validity of token? Does it have all the necessary info in keycloak.json or does it make an extra call to the keycloak auth server?

Thank you.

Regards,
Pavel Maslov, MS

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user