[keycloak-user] Getting a realm public key without credentials
Jean-Baptiste Fouet
jbf.nospam at gmail.com
Tue Jun 19 11:01:57 EDT 2018
Hi, we are trying to integrate keycloak in our system, and in order to
check the genreate access token, we need a realm public key. We would like
to avoid configuring crednetila on all endpoint needing to check a JWT
token, so it would be great to be able to get keycloak key without any
credentials.
i did found the endpoint
http://localhost:8080/auth/realms/{realm}
<http://%7b%7bkchost%7d%7d:8080/auth/realms/ISEP/>
which give the following json,without auth:
{"realm":{realm},"public_key":"xx","token-service":"http://localhost:8080/auth/realms/{realm}/protocol/openid-connect","account-service":"http://localhost:8080/auth/realms/{realm}/account","tokens-not-before":0}
Unfortunately, here there is no key id, so i can't handle several JWT
provider or even a single keycloak with key rotation.
Now, i found a more detailed key interface under
http://localhost:8080/auth/admin/realms/{realms}/keys, returning for
each key the status, type (algorithm), an the keyid.
But i need credentials to access this interface, even though its only
public data (HMAC & AES keys are NOT provided).
I accessed it with the keycloak master admin, i do not want to spread
his credentials everywhere, but i would be ok if i could create a
user with limited rights to access only that
Any suggestions on how to proceed ? Is there another endpoint to get
this fulll info ?
The doc doesnt clearly states the roles needed to access
auth/admin/realms/{realms}/keys
Thank you
JB
More information about the keycloak-user
mailing list