Dear List Members,
I am working on implementing a Single Sign On with keycloak and I have
implemented the Standard Flow, I can exchange the Authorization Grant to
receive the tokens, but I cannot find a way to verify them.
Each time I try to check the token, classical tools like jwt.io or
https://www.jsonwebtoken.io/ says the signature is incorrect.
I would like to know, which secret does Keycloak use to sign (with
HS256) the tokens ? And where can I find it ?
I tried the client secret, but it seems wrong to me.
Many thanks for your help,
Cheers,
Bruno Mairlot