[keycloak-user] Using JSON Web Token Debugger with Keycloak generated tokens

[pubudu gunawardena]

Hi All,

I am trying to consume the Direct Access Grant API using a PHP client.
I tried to inspect the tokens using the tool at http://jwt.io/, but
the tool always says "Invalid Signature". What I would like to know is
does Keycloak use a different algorithm to sign the response?
Otherwise why does the on-line tool complain that the signature is
invalid?

Following is a sample response I got from Keycloak.

{"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5Y2Y5YzUwYy1hNGFmLTRmMWQtOWE1NC0wZTEzYjYzYTVjOTAiLCJleHAiOjE0MzI3MDkyNjYsIm5iZiI6MCwiaWF0IjoxNDMyNzA4OTY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcXYyIiwiYXVkIjoicXYyLXJlc3QiLCJzdWIiOiI1MjYxMGUyNS1kMDhmLTQ3MmEtYWU1ZC1jOThhNmU2MmI4ZDMiLCJhenAiOiJxdjItcmVzdCIsInNlc3Npb25fc3RhdGUiOiIyMzQ1ZmY0Mi1lYTQ1LTRhNjEtYWIxYi0yNWQxY2VjZmY3MjIiLCJjbGllbnRfc2Vzc2lvbiI6ImYxYzU1MzZmLWYwZmUtNDUwNy1iZjQyLWU0MzU0MDVhNGIyYiIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbInZpZXctcHJvZmlsZSIsIm1hbmFnZS1hY2NvdW50Il19fSwiZW1haWwiOiJwdWJ1ZHVAc29tZXdoZXJlLmNvbSIsIm5hbWUiOiJQdWJ1ZHUgR3VuYXdhcmRlbmEiLCJmYW1pbHlfbmFtZSI6Ikd1bmF3YXJkZW5hIiwicHJlZmVycmVkX3VzZXJuYW1lIjoicHVidWR1IiwiZ2l2ZW5fbmFtZSI6IlB1YnVkdSJ9.a5MRV5lfzjDd0VftEigxr-VXJ7vxohUZj5bpMDvZ7opHaM-FccNVtIUrNDgW2rXCZJAI1B0tUAlJlngrIFghJxoQANnpCJxzqjlkbV-gh1j7CaQSWX0-KA9OZPSvhyhRhs4MzsCxirBwEhmWcyuaDECp0UjfEP22LhnXf3mSpmMJ7HfyikClcWfW_ykEb7fwOnFe5jk9thSqaQKWroFksBWT0_fAZuGdkfyG6rBCFHRCnQm31vn6I5SwZOpAx1YatAbK85Sc3tAcitpFnd8twFr0aC95Fbcghb_TbrivJrL0J5qN77f-9DQKJ_fy1FHljTxYwfbIyx1HQwvyq1HOFQ","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0NjJmYzNmNS1kMjRkLTQ1MTItOWY3My00NzllZGQ4NTBhNzAiLCJleHAiOjE0MzI3MTA3NjYsIm5iZiI6MCwiaWF0IjoxNDMyNzA4OTY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcXYyIiwic3ViIjoiNTI2MTBlMjUtZDA4Zi00NzJhLWFlNWQtYzk4YTZlNjJiOGQzIiwidHlwIjoiUkVGUkVTSCIsImF6cCI6InF2Mi1yZXN0Iiwic2Vzc2lvbl9zdGF0ZSI6IjIzNDVmZjQyLWVhNDUtNGE2MS1hYjFiLTI1ZDFjZWNmZjcyMiIsImNsaWVudF9zZXNzaW9uIjoiZjFjNTUzNmYtZjBmZS00NTA3LWJmNDItZTQzNTQwNWE0YjJiIiwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsidmlldy1wcm9maWxlIiwibWFuYWdlLWFjY291bnQiXX19fQ.X_aBtZzKHPCsRqo9ShOxtsQgTZOYaVNEZDmfvfWSxCafE6kpC5yIcz9xFW2CfYo2ttm5i3GMb-aho-nyU3IEmhZkZ-DjHjxCLHO_Vlt5MBKtVF9L7-v5qWRP4va5rLUa8O1JshjRP1yW1r7SvLafqE8jLYvn3vknPhYp1ts3EhcmckIHiXS5dW_tO4XxBx7tE0kSWlUoCe_10IqqW6uRKXFuwfRWLd2KDUIIth4g2YoUrwFyQBxt2qcdjm4MQPVF0-JpNxWZN3VwbOcpKLG0gSsGppvmhuJI0eRujJzbAlxL3fY9682UZLE9JTzzX4gRTaxL5VZGau6Q0iIfzh_U1A","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI3ZWM1MTdhOS1hZjg2LTRiMDEtYjUyZi1lNjExOWMwYjBhZTciLCJleHAiOjE0MzI3MDkyNjYsIm5iZiI6MCwiaWF0IjoxNDMyNzA4OTY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcXYyIiwiYXVkIjoicXYyLXJlc3QiLCJzdWIiOiI1MjYxMGUyNS1kMDhmLTQ3MmEtYWU1ZC1jOThhNmU2MmI4ZDMiLCJhenAiOiJxdjItcmVzdCIsInNlc3Npb25fc3RhdGUiOiIyMzQ1ZmY0Mi1lYTQ1LTRhNjEtYWIxYi0yNWQxY2VjZmY3MjIiLCJlbWFpbCI6InB1YnVkdUBzb21ld2hlcmUuY29tIiwibmFtZSI6IlB1YnVkdSBHdW5hd2FyZGVuYSIsImZhbWlseV9uYW1lIjoiR3VuYXdhcmRlbmEiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJwdWJ1ZHUiLCJnaXZlbl9uYW1lIjoiUHVidWR1In0.C5REGCEQyaWmkhbc0DrWW74m0bbeM2cKWcKJvlkvz17VZPh9sZ1eaiXdRD9pGZ1iACGPLpoCYrMkcrF5FbIX7ng7NggVbf2VEdNCeDUgZ8oDRSJlKyqeGdYWnKsi6dpwrmcPZW9BffWcqkzJv1BUbSII2tejjnB4BWz7bCvesF3ge_KKwkfy-COk8RGx_G4oxp21Ik1pQbVoiqifRQALuK252NKuuV-sXI4dd4ltj0TOca9DKNHlHMyCoRVwDVRsqMMWGfWXpqwacEh35wp8r3VDgQ00vcOnEfiraadwoPYnIsjPK5ZnfSFZlBxyDTNP76tXX1Jd5AHMUPyvOC1YhA","not-before-policy":0,"session-state":"2345ff42-ea45-4a61-ab1b-25d1cecff722"}

-- 
Thanks,
Pubudu