[keycloak-user] kid and x5t jwt header
Robert .
robert.discussions at gmail.com
Wed Mar 1 10:42:50 EST 2017
Hi,
A (.net) application has stored multiple certificates. It wants to choose
the appropriate certificate to validate the signature in the received jwt.
Regarding this I have the following questions.
What exactly is the key ID (kid) header in the jwt? Is it possible to use
this to find the right certificate.
Is it possible to add a x.509 certificate thumbprint (x5t) header in the
jwt created by keycloak? Is there a feature request for this? Could I
implement this myself via some extension mechanism?
Or do I need to add it in the core source code and submit it to be included
in the keycloak product?
Regards,
Robert
More information about the keycloak-user
mailing list