[keycloak-user] How to verify jwt token with jwt.io or javascript programme

Dmitry Telegin dt at acutus.pro
Thu Jul 12 13:30:02 EDT 2018


Hi Christophe,

jwt.io expects the public key in full PEM format, like this:

-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuc0fiNYtzlRN+nDqKg5qqoLN5Qj
/7te1BauoXK8wow5eVamKc9xPjNG99kz0VQcMtPOwqHWEUSwFr77nPhJOYB5ea0ERCeh224
Swiy/mLaxcIJOu9Mex+XZw1kRcxBU64iE9bDs4xi3PYgt+zPVOdqWmF54jiZIRnWAGPa5uX
4AFrwykfDGc+MH6jFiJKxUs0m9VSlmpRj8+/MWVBbNDx7m67xWV6FXbcgsFGrv1+yNIpTrp
leqNpm1M9dHVyVeJYroHEblmNbDj0iqAyKJqPLjNGhM7gYmuckv+vzun9MuiO8fFrguO3+y
hCXhcibdf3hy6ryfGWyFFwdEO8eTB9wIDAQAB
-----END RSA PUBLIC KEY-----

You need to copy your public key from Keycloak realm -> Keys -> Active
-> RSA, then add header and footer, and paste it into the public key
field in jwt.io.

As for JavaScript libraries, you'll need to consult the documentation
for the library of your choice.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Thu, 2018-07-12 at 09:57 +0200, Christophe Lehingue wrote:
> Hello,
> 
> How can I check the signature of a token (with https://jwt.io/ or an
> external javascript programm) ?
> 
> The configuration of my client is of "public" acces type :
> 
> 
> The keys I use are those defined in the "keys" area of the "realm"
> created :
> 
> 
> 
> But that does not work: do you have any idea how could I do this
> check?
> 
> Thanks and good day.
> 
> Regards,
> 
> Christophe
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list