[keycloak-user] JWT signature verification failure

Richard Rattigan Richard.Rattigan at sonos.com
Wed Nov 12 05:40:10 EST 2014


That clears that up. Thanks!


On 11/11/14, 8:58 PM, "Bill Burke" <bburke at redhat.com> wrote:

>In the meantime, you could use our impl until I fix it.
>
>On 11/11/2014 8:55 PM, Bill Burke wrote:
>> Looking at jjwt, they do this algorithm:
>>
>> sign(base64encodedheader + "." + base64encodedContent)
>>
>> We just sign the content.  Just verified that our impl is wrong.  I'll
>> fix this for next release.
>>
>> On 11/11/2014 7:50 PM, Richard Rattigan wrote:
>>> I'm trying to verify keycloak jwt signatures in Java/Groovy, but I'm
>>> not succeeding. I'm new to crypto, so maybe I'm doing something stupid.
>>>
>>> This is Groovy code. realmPublicKey is the publicKey string from the
>>> realm REST response. I'm using the jjwt library to parse the tokens, but
>>> I get the same result (signature verification failure) with the nimbus
>>> library:
>>>
>>>       Security.addProvider(new BouncyCastleProvider())
>>>       def publicKey = KeyFactory
>>>               .getInstance("RSA", "BC")
>>>               .generatePublic(new X509EncodedKeySpec(realmPublicKey.decodeBase64()))
>>>       def claims = Jwts.parser().setSigningKey(publicKey).parse(accessToken)
>>>
>>> I get an exception during the parse:
>>>
>>> io.jsonwebtoken.SignatureException: JWT signature does not match locally
>>> computed signature. JWT validity cannot be asserted and should not be
>>> trusted.
>>>
>>> Is anyone able to see what I'm doing wrong here?
>>>
>>> *Richard Rattigan*
>>>
>>> Sonos | Sr. Software Engineer | Skype: Richard.RattiganSonos
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>
>-- 
>Bill Burke
>JBoss, a division of Red Hat
>http://bill.burkecentral.com
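
Added example, not part of the original thread and not Keycloak or jjwt code: the mismatch discussed above, reproduced with only the JDK's own crypto classes. It assumes RS256 and a constructed key pair and claims, and it assumes "sign the content" means signing the base64url-encoded payload segment alone; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JwsSigningInputDemo {
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(String json) {
        return B64URL.encodeToString(json.getBytes(StandardCharsets.US_ASCII));
    }

    static String sign(PrivateKey key, String input) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(s.sign());
    }

    // Verify a compact token the way a standard RS256 verifier does: the signed
    // bytes are "header.payload". The algorithm is fixed here by the verifier,
    // not read from the token's header.
    static boolean verify(PublicKey key, String token) throws GeneralSecurityException {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        try {
            return s.verify(Base64.getUrlDecoder().decode(parts[2]));
        } catch (SignatureException | IllegalArgumentException e) {
            return false; // malformed signature segment
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed key, stands in for the realm key

        String header = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}");
        String payload = b64("{\"sub\":\"constructed-user\"}"); // constructed claims

        // Signature over header + "." + payload, as described for jjwt in the thread.
        String standard = header + "." + payload + "." + sign(kp.getPrivate(), header + "." + payload);
        // Signature over the payload only (assumed reading of "we just sign the content").
        String contentOnly = header + "." + payload + "." + sign(kp.getPrivate(), payload);

        System.out.println("signed over header.payload: " + verify(kp.getPublic(), standard));
        System.out.println("signed over content only:   " + verify(kp.getPublic(), contentOnly));
    }
}
```

The second token carries a valid RSA signature from the right key, yet it fails verification because the signed bytes differ, which is why a correct public key alone did not help in the original report.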
