OAuth, OpenID Connect, and SAML clients do not require a client secret
or a keypair. By client I mean "device" not "user". A client
credential is only needed if the realm/application is very sensitive
about which devices it trusts.
For mobile, there are 2 ways I'm familiar with (not sure how Cordova
fits in) to do a login
1) Do the OAuth/OpenID dance (OAuth code flow) with redirects between
your mobile app and your mobile device's browser. Credentials are
entered in the HTML pages returned from the Keycloak server. In other
words, this is just a normal web login. Both Android and iOS support
URI redirects. This dance ends with the mobile device having a temporary
token and a refresh token.
2) The mobile app gathers the credentials and makes a REST invocation to
Keycloak to obtain a temporary token and a refresh token.
Once the device has a token it just transmits it with its HTTP requests
to whatever services it is invoking on.
Hope that answers your question.
On 8/21/2015 2:15 AM, Mohan.Radhakrishnan(a)cognizant.com wrote:
Hi,
This is just a general question about HMAC and its
implementation for a mobile app. The backend is a set of layers and one
of them is a WebSphere Broker that has to send a message digest of JSON
data. In order to ensure both data integrity and authenticity we also
need a shared secret. This means that we need to distribute the shared
key and store it somewhere. What do Keycloak users use for this scenario?
Does the Android mobile app request a shared key which the backend
also knows (like what the AWS REST flow does)? How is this done?
If we want to use digital signatures then the apps need one part of a
keypair. How can we distribute and share the public keys? We don't have
any requirement for OAuth.
Thanks,
Mohan
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
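The backend-side check that makes the shared-secret question moot, as an added example that is not from this thread or from Keycloak's own code base: once the device holds a realm-issued bearer token, the service it calls only needs the realm's public key to verify the RS256 signature and expiry, so no HMAC key has to be distributed or stored on the device. The RSA keypair stands in for the realm's signing key, and the subject and expiry values are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var enc = base64.RawURLEncoding

// mintToken stands in for the realm issuing a short-lived RS256 access token
// after a successful login (browser code flow or direct REST grant).
func mintToken(priv *rsa.PrivateKey, sub string, exp int64) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(map[string]interface{}{"sub": sub, "exp": exp})
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// verifyToken is the backend's check on a presented bearer token: verification
// is pinned to RS256 with the realm's public key (the header's alg is never
// trusted), then expiry is enforced. Nothing secret is shared with anyone.
func verifyToken(pub *rsa.PublicKey, token string, now int64) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	sig, err := enc.DecodeString(parts[2])
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("signature does not match realm key")
	}
	var claims struct{ Sub string; Exp int64 }
	raw, err := enc.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &claims) != nil {
		return "", errors.New("payload unreadable")
	}
	if now >= claims.Exp {
		return "", errors.New("token expired")
	}
	return claims.Sub, nil
}
```

A real resource server would fetch the public key from the realm (Keycloak publishes it per realm) and additionally check the issuer and audience claims; those checks are left out here to keep the example focused on the signature.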