[keycloak-user] Verification of Access Token failed
Tim Rademacher
t.rademacher at gmx.de
Fri Nov 9 14:01:50 EST 2018
Hi all,
I am struggling with access token verification.
So here is what I am doing (using Keycloak 4.5):
1. Generate an offline auth code from Client A.
2. Generate a refresh token from Client A.
3. Generate an access token from Client A. This token has an *ES256*
signature.
When using this token, I got an error from my Spring Boot application that
the used public key was not available: "Didn't find publicKey for specified
kid".
I set the public-key-cache-ttl to 1 sec and the log level to debug and could
see that only one public key was retrieved for my configured Client: "Realm
public keys successfully retrieved for client xxxxxxxxxx. New kids:
[xxxxx]".
As I could see in the realm settings, the key was created using *RS256*.
When I force Client A to just use the RS256 signature by setting the "Access
Token Signature Algorithm", then it works fine. But I wonder how I could
also use other signature algorithms!? The release notes state that both
(and more) algorithms are supported.
Thanks for your help!
Regards
Tim
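
An added example, not part of the original post and not Keycloak or adapter code: a small offline check of whether a token header's `kid` and `alg` are covered by the key set a verifier has fetched, which is the situation the message describes. The key ids, the key set and the tokens are constructed samples, and the script inspects headers only; it does not verify signatures.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# JWS "alg" family prefix -> JWK "kty" required to verify it (RFC 7518).
ALG_FAMILY_TO_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC", "HS": "oct"}

def diagnose(token: str, jwks: dict) -> str:
    """Say whether the key set can cover this token's header (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: expected three dot-separated segments"
    try:
        header = json.loads(b64url_decode(parts[0]))
        if not isinstance(header, dict):
            raise ValueError("header is not a JSON object")
    except ValueError:
        return "malformed: header is not a base64url-encoded JSON object"
    alg, kid = header.get("alg"), header.get("kid")
    if not isinstance(alg, str) or alg[:2] not in ALG_FAMILY_TO_KTY:
        return f"unsupported or missing alg: {alg!r}"
    wanted_kty = ALG_FAMILY_TO_KTY[alg[:2]]
    keys = jwks.get("keys", [])
    match = next((k for k in keys if k.get("kid") == kid), None)
    if match is None:
        known = [(k.get("kid"), k.get("kty")) for k in keys]
        return f"kid {kid!r} ({alg}) not in key set; available: {known}"
    if match.get("kty") != wanted_kty:
        return f"kid {kid!r} is {match.get('kty')}, but {alg} needs {wanted_kty}"
    return f"ok: kid {kid!r} is a {wanted_kty} key usable for {alg}"

def make_token(header: dict) -> str:
    # Constructed sample token: real header, placeholder payload and signature.
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(b'{"sub":"sample"}'), b64url_encode(b"sig")])

# Constructed key set holding a single RSA key, like the one seen in the debug log.
SAMPLE_JWKS = {"keys": [{"kid": "rsa-key-1", "kty": "RSA", "alg": "RS256", "use": "sig"}]}
ES256_TOKEN = make_token({"alg": "ES256", "typ": "JWT", "kid": "ec-key-1"})
RS256_TOKEN = make_token({"alg": "RS256", "typ": "JWT", "kid": "rsa-key-1"})

if __name__ == "__main__":
    print(diagnose(ES256_TOKEN, SAMPLE_JWKS))
    print(diagnose(RS256_TOKEN, SAMPLE_JWKS))
```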