[keycloak-user] k_query_bearer_token, is there a way to query the associated public key?

Scott Stark sstark at redhat.com
Wed Feb 1 15:42:47 EST 2017


I was able to find the public key from the Realm Settings/Keys section of the admin console, but I'm not able to get the signature to verify on the https://jwt.io debugger.

For example, this token and public key won't work to verify the signature:

eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJGeFZlX1pUTHBoU0JrMGZMSDBmaDltUWY1OWkzNnVXOFBDeFFvWkE4eHdvIn0.eyJqdGkiOiIwYTJlNDljNy05ZTA1LTQ3MmUtOGQ5OS02ZGYwOGYxYmY5MzYiLCJleHAiOjE0ODU5ODAwMTMsIm5iZiI6MCwiaWF0IjoxNDg1OTc5NzEzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvTWljcm9wcm9maWxlIiwiYXVkIjoidmFuaWxsYSIsInN1YiI6IjhjM2Y1ZTRiLWZiM2EtNDZiYS04ODk5LTQyNTNkNzQzMGI4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6InZhbmlsbGEiLCJhdXRoX3RpbWUiOjE0ODU5NzY5ODgsInNlc3Npb25fc3RhdGUiOiJlYmQxMDgyZi02MWI3LTRlNzEtYTBkNi1iZTc1MzA3ODYzNjMiLCJhY3IiOiIwIiwiY2xpZW50X3Nlc3Npb24iOiI1NDhhZTVjNi1mZTU4LTQwZGQtOWY0Yy03NmE4N2EwMjcwYzciLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo4MDgwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19LCJuYW1lIjoiTWljcm9wcm9maWxlIERlbW8iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJkZW1vIiwiZ2l2ZW5fbmFtZSI6Ik1pY3JvcHJvZmlsZSIsImZhbWlseV9uYW1lIjoiRGVtbyIsImVtYWlsIjoibXBkZW1vQHN0YXJraW50ZXJuYXRpb25hbC5jb20ifQ.TAgwCENsVF9bug3TbvjB-KD_kT3AfLDduK_vQ-1Gp5ejeDLRVcppktXpIWe1jhJTKmqXIwL48S636BYrP35iNmlJLGIxm706o-BU6SO8IJND_OJdfbCdkUrekcGTS8k5B2D_idQnnl-DcwKJs0Mqv8q_XD2XqCTAu1nTKsrTlFn6QoZ0_-Q_bRsmZ_Rgob5Gf4Vw93I5OnS5zRUV_qi-VEDTEtAO3YlfWdTJXYXYeSGVXTjExw6TikYlcQETolfr-sxhfcPEH5KWQnUw_40hb12Zzxp3DdnJuQ34NKe5vgPNW1Q3geT7YLGYcY1pJFmvLEKxDC5WxRNMp_PFYLYxTA

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhir7PLNN6PafmxEN89tXD+vJGU+Io2QcnyAxw6MzGSYD1Rla3fzIVRBlhbq3rYd8SWcPPZ2i/SAyfnzt3d9KPef+Vp8v3GfuVn2NoutPsxJA/1do+vcW/lT5EDtbl9GQovMvFHE4JbgStdaRLD/4/w90zjbmEU4/J5beiqMAYioJQ5suE7P4N5OulZobPGI0hibQ9lWM03gWocCnP1RtXWfzliQ0F2LqrBJS6GckcRwln/q0sacgK1ZC/XLIty7w88bxV7PXKfgsqROId/1Fl6kJBl6AjdQkJtSQxo+UOW4AJvABg6qvcC0bg1JkzDY0OPEMAm+AhUvdYzxrklvCJwIDAQAB

----- Original Message -----
From: "Scott Stark" <sstark at redhat.com>
To: keycloak-user at lists.jboss.org
Sent: Wednesday, February 1, 2017 11:50:34 AM
Subject: [keycloak-user] k_query_bearer_token, is there a way to query the associated public key?

So I can query the current access token via the myapp-root/k_query_bearer_token when expose-token is set to true, but is there a way to query the public key associated with the signature portion of the token?
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list