...I suddenly had the idea that the auth request returns the auth code that
is then used to get an access token. So the auth code is just returned to
its origin. So the "shared secret" CEK is not a shared secret, but only known
by the Keycloak server. So it makes sense that I could not find the
information on where to get the CEK, since the Keycloak server is the only one
who needs it.
Could someone please confirm?
Thanks
Tim
From: Tim Rademacher <t.rademacher(a)gmx.de>
Sent: Tuesday, 6 November 2018 13:21
To: 'keycloak-user(a)lists.jboss.org' <keycloak-user(a)lists.jboss.org>
Subject: CEK key for alg:dir
Hi all,
I am somewhat struggling with Keycloak (Version 4.5.0) and I would like to
view the data returned from an authorization request. I retrieve the token and
would like to look into it.
I see, there are 5 parts:
1. Header
2. CEK
3. Init Vector
4. Content (encrypted)
5. Auth Tag
The header mentions the Algorithm to be DIR and the Encryption Algorithm to
be A128CBC-HS256.
RFC 7518 says that DIR means "Direct use of a shared symmetric key as
the CEK".
So I wonder, how would the shared key come to the client to decrypt the
content?
How would I be able to decrypt the token (where would I get the token from)?
Thank you very much!
Tim
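
An added example, not part of the original thread: a standard-library Python inspector for the five-segment token described above, following RFC 7516/7518. It shows that with "alg":"dir" the second segment (the JWE Encrypted Key) is empty, so no CEK travels in the token, and that a holder of the 32-byte key can check the A128CBC-HS256 authentication tag. The function names, the key and the sample token are constructed for illustration; the sample ciphertext is placeholder bytes, not real AES output.

```python
import base64, hashlib, hmac, json

def b64d(s):
    """Decode unpadded base64url, as used by the JWE compact serialization."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def split_jwe(token):
    """Split a compact JWE into its five segments and parse the header."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have exactly 5 segments")
    jwe = dict(zip(("header", "encrypted_key", "iv", "ciphertext", "tag"), parts))
    jwe["header_json"] = json.loads(b64d(parts[0]))
    return jwe

def expected_tag(key, jwe):
    """A128CBC-HS256 tag (RFC 7518 section 5.2.2): the first 16 key bytes are
    the HMAC key; the MAC covers AAD || IV || ciphertext || bit length of AAD."""
    if len(key) != 32:
        raise ValueError("A128CBC-HS256 needs a 32-byte key")
    aad = jwe["header"].encode("ascii")      # AAD is the encoded header text
    al = (len(aad) * 8).to_bytes(8, "big")   # 64-bit big-endian bit count
    msg = aad + b64d(jwe["iv"]) + b64d(jwe["ciphertext"]) + al
    return hmac.new(key[:16], msg, hashlib.sha256).digest()[:16]

def inspect(token, key=None):
    """Report alg/enc, whether a wrapped CEK is present, and tag validity."""
    jwe = split_jwe(token)
    hdr = jwe["header_json"]
    report = {"alg": hdr.get("alg"), "enc": hdr.get("enc"),
              "encrypted_key_empty": jwe["encrypted_key"] == ""}
    if key is not None and hdr.get("enc") == "A128CBC-HS256":
        report["tag_valid"] = hmac.compare_digest(
            expected_tag(key, jwe), b64d(jwe["tag"]))
    return report

def make_sample(key):
    """Constructed token: real header and tag, placeholder IV and ciphertext."""
    header = b64e(json.dumps({"alg": "dir", "enc": "A128CBC-HS256"}).encode())
    jwe = {"header": header, "iv": b64e(bytes(range(16))),
           "ciphertext": b64e(bytes(range(32, 64)))}
    return ".".join([header, "", jwe["iv"], jwe["ciphertext"],
                     b64e(expected_tag(key, jwe))])

if __name__ == "__main__":
    demo_key = bytes(range(32))              # constructed key, demo only
    print(inspect(make_sample(demo_key), demo_key))
```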