[keycloak-user] How does a bearer only client validate

Pulkit Gupta pulgupta at redhat.com
Thu Jun 1 02:08:58 EDT 2017


Thanks Chris for the explanation. The whole thing is more clear to me now.

Regards,
Pulkit

On Wed, May 31, 2017 at 11:18 PM, Chris Benninger <cbenninger at phemi.com> wrote:

> Keycloak has a keypair. Clients that trust that Keycloak instance are
> given the public key. Keycloak uses the private key to sign the tokens it
> generates. The way JWT works is you can validate that tokens were signed by
> a private key as long as you have the corresponding public key. Therefore
> any JWT tokens that a trusted service generates can be validated using only
> its public key.
>
> The Keycloak libs on the REST backend service talk to Keycloak once (when
> the first request comes in) and pull down the public key they need to
> validate the tokens. For all further requests they then use this public key
> to verify the signature, and if it is valid, the timestamp is valid and a
> few other fields are valid, the token facts will be extracted and provided
> to whatever enforcement mechanism you are using.
>
> https://jwt.io/introduction/
>
> On Wed, May 31, 2017 at 5:14 AM, Pulkit Gupta <pulgupta at redhat.com> wrote:
>
>> Hi All,
>>
>> I have two Keycloak clients. One is a public client using the implicit flow,
>> authenticating the user via a redirect; once the user is authenticated the
>> client receives a token.
>> This token is then passed to a REST based backend service which validates it
>> before providing access to the API data.
>>
>> I am looking for more information on how a bearer-only client validates the
>> token which it receives from the JavaScript based public client. I will also
>> be interested to understand more about the relationship of these two clients
>> based on scope to make this setup work.
>>
>>
>> --
>>
>> PULKIT
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>


-- 

PULKIT GUPTA

SENIOR SOFTWARE APPLICATIONS ENGINEER

Red Hat IN IT GBD <https://www.redhat.com/>

Pune - India

pulgupta at redhat.com    T: +91-2066817536    IM: pulgupta

