[Apiman-user] base64 encoding of tokens

Marc Savy marc.savy at redhat.com
Sun Oct 11 17:51:09 EDT 2015


Tim,

You're right. I'll have to update the blog.

What Keycloak returns in the access_token field is a JWT (see 
http://www.jtw.io), which is a string split into 3 base64 parts, 
separated by full stops (header, payload and signature info) as is 
highlighted on jwt.io when you paste your token :-).

Alternatively, if you use something like Ruby's Base64 decoder (which is 
a bit more tolerant), you'll see useful info coming out.

Regards,
Marc

On 11/10/2015 16:40, Tim Dudgeon wrote:
> According to this:
> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
> the tokens returned by keycloak are base64 encoded, but when I try to
> decode I get an error.
>
> $ curl -X POST
> http://192.168.59.103:8080/auth/realms/myrealm/protocol/openid-connect/token
> -H "Content-Type: application/x-www-form-urlencoded" -d "username=user1"
> -d 'password=secret' -d 'grant_type=password' -d 'client_id=echo' -s |
> jq -r '.access_token' | base64 -D
> Invalid character in input stream.
>
> How are the tokens supposed to be decoded?
>
> Tim
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>



More information about the Apiman-user mailing list