under
the "Customise JWT to use RSA256" section.
On Wed, Sep 25, 2019 at 2:35 AM Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Refresh tokens should not be verified by applications, nor should they be
used by applications for anything other than obtaining new tokens. They
should be considered opaque.

On Mon, 23 Sep 2019, 18:57 Chandrashekhar, Nithin, <Nithin.Chandrashekhar(a)teradata.com> wrote:
> Is there any way we can use RSA for signing refresh tokens instead of
> HS256?
>
> Thanks
> Nithin
>
> On 9/23/19, 8:25 AM, "keycloak-user-bounces(a)lists.jboss.org on behalf
> of Nick Powers" <keycloak-user-bounces(a)lists.jboss.org on behalf of
> sshscp(a)gmail.com> wrote:
>
> I suggest using RSA instead of HS256. With RSA you can confirm the
> authenticity of the JWT by using Keycloak's public key. The URL
> https://<keycloak-server>/auth/realms/<realm>
> contains a JSON response with the public key.
>
> On Mon, Sep 23, 2019 at 5:02 AM Stian Thorgersen <sthorger(a)redhat.com> wrote:
>
> > Keycloak does not support a shared secret at the moment. Tokens signed with
> > HS256 can only be verified by Keycloak.
> >
> > Why are you asking?
> >
> > On Fri, 20 Sep 2019, 19:30 Sam Lewis, <sam(a)focus21.io> wrote:
> >
> > > How do you retrieve an HS256 shared secret?
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
>
>
>
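
The check discussed in this thread, as an added example that is not part of the original messages or of Keycloak's code: an application verifies an RS256 access token against the realm's public key and refuses any token whose header names another algorithm, such as HS256. Assumptions: the realm JSON carries the key in a `public_key` field as base64 DER (SPKI); the key pair, the `demo` realm, the secret and the names `mint`, `check` and `verifyAccessToken` are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed stand-in for the realm's RSA key pair; a real application only sees the public half.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Assumed realm response shape: "public_key" is the base64 DER (SPKI) key without PEM armor.
const realmJson = {
  realm: 'demo',
  public_key: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
};

// Constructed issuer helper so the example has tokens to check offline.
function mint(header, claims, sign) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(sign(input))}`;
}
const rsaSign = (input) => nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
const hmacSign = (input) =>
  nodeCrypto.createHmac('sha256', 'constructed-secret').update(input).digest();

function verifyAccessToken(token, realm, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token header must not be allowed to select HS256 or "none".
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = nodeCrypto.createPublicKey({
    key: Buffer.from(realm.public_key, 'base64'), format: 'der', type: 'spki',
  });
  const sig = Buffer.from(s, 'base64url');
  if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Returns 'ok' or the rejection reason, so the outcome can be logged or asserted.
function check(token) {
  try { verifyAccessToken(token, realmJson); return 'ok'; } catch (e) { return e.message; }
}

const exp = Math.floor(Date.now() / 1000) + 300;
console.log(check(mint({ alg: 'RS256' }, { sub: 'alice', exp }, rsaSign)));
console.log(check(mint({ alg: 'HS256' }, { sub: 'alice', exp }, hmacSign)));
```

A production verifier would also check `iss` and `aud` against expected values and fetch the realm key over TLS, caching it and refreshing on key rotation.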