[keycloak-user] JWT - Signature Verification Failure

Charles Moulliard cmoullia at redhat.com
Tue Dec 20 11:23:31 EST 2016


Hi,

Is there a workaround, when we use Keycloak 1.9.4, to prevent the client
that verifies the certificate of the JWT from issuing this error:

WARNING: JWT decode failure
java.lang.RuntimeException: Signature verification failed
    at io.vertx.ext.auth.jwt.impl.JWT.decode(JWT.java:200)
    at io.vertx.ext.auth.jwt.impl.JWTAuthProviderImpl.authenticate(JWTAuthProviderImpl.java:84)

    if (!crypto.verify(base64urlDecode(signatureSeg), signingInput.getBytes(UTF8))) {
      throw new RuntimeException("Signature verification failed");
    }

Is it because the token is not base64?

Regards,

Charles Moulliard
Sr. Pr. Software Engineer @redhat
cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 60 40 14
Twitter: @cmoulliard <http://twitter.com/cmoulliard> | blog:
cmoulliard.github.io
committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, jbpm,
deltaspike
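
The check in the quoted snippet, reproduced as a stand-alone program with JDK classes only. This is an added example, not code from the original post, Vert.x or Keycloak; RS256, the class and method names, and the keys and token generated in-process are assumptions. It shows which inputs the verification consumes (the base64url-decoded third segment and the exact "<header>.<payload>" text) and that it returns false when the verifier's public key is not the signer's or when the signing input has changed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example: hypothetical class, constructed keys and token (assumptions).
public class JwtSignatureCheck {
    // Verify an RS256 compact JWT. The signature covers "<header>.<payload>"
    // exactly as transmitted; the third segment is base64url, not plain base64.
    static boolean verify(String token, PublicKey key) throws GeneralSecurityException {
        String[] seg = token.split("\\.");
        if (seg.length != 3) throw new IllegalArgumentException("expected 3 segments");
        String signingInput = seg[0] + "." + seg[1];
        byte[] signature = Base64.getUrlDecoder().decode(seg[2]);
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initVerify(key);
        rsa.update(signingInput.getBytes(StandardCharsets.UTF_8));
        return rsa.verify(signature);
    }

    // Build a constructed RS256 token for the demonstration.
    static String sign(String headerJson, String payloadJson, PrivateKey key)
            throws GeneralSecurityException {
        Base64.Encoder b64url = Base64.getUrlEncoder().withoutPadding();
        String signingInput = b64url.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8))
                + "." + b64url.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initSign(key);
        rsa.update(signingInput.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + b64url.encodeToString(rsa.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair(); // stands in for the token issuer's key
        KeyPair other = gen.generateKeyPair();  // a key the token was not signed with
        String token = sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}",
                "{\"sub\":\"constructed-user\"}", issuer.getPrivate());

        System.out.println("issuer key:    " + verify(token, issuer.getPublic()));
        System.out.println("different key: " + verify(token, other.getPublic()));
        // Change one character of the payload segment; the signature no longer matches.
        String[] seg = token.split("\\.");
        char c = seg[1].charAt(0) == 'A' ? 'B' : 'A';
        String altered = seg[0] + "." + c + seg[1].substring(1) + "." + seg[2];
        System.out.println("altered body:  " + verify(altered, issuer.getPublic()));
    }
}
```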

