[keycloak-user] HS256 Shared Secret

Nick Powers sshscp at gmail.com
Mon Sep 23 11:06:49 EDT 2019


I suggest using RSA instead of HS256.  With RSA you can confirm the
authenticity of the JWT by using Keycloak's public key.  The URL
https://<keycloak-server>/auth/realms/<realm>
contains a JSON response with the public key.

On Mon, Sep 23, 2019 at 5:02 AM Stian Thorgersen <sthorger at redhat.com>
wrote:

> Keycloak does not support a shared secret at the moment. Tokens signed with
> HS256 can only be verified by Keycloak.
>
> Why are you asking?
>
> On Fri, 20 Sep 2019, 19:30 Sam Lewis, <sam at focus21.io> wrote:
>
> > How do you retrieve an HS256 shared secret?
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
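
The verification suggested at the top of this thread, as an added example that is not part of the original messages or Keycloak's own code: it reads the realm JSON, builds the RSA public key, and verifies an RS256 token while refusing any other `alg`. It assumes the realm response carries the key in a `public_key` field as base64 DER (SubjectPublicKeyInfo); the function names, the key pair and the sample tokens are constructed for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// Build a key object from the realm JSON's "public_key" field
// (assumed: base64 DER SubjectPublicKeyInfo, no PEM armor).
function realmPublicKey(realmJson) {
  const der = Buffer.from(JSON.parse(realmJson).public_key, "base64");
  return crypto.createPublicKey({ key: der, format: "der", type: "spki" });
}

// Verify an RS256 JWT; returns the claims, or throws on any failure.
function verifyRs256(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  // Pin the algorithm: the token header must not choose HS256 or "none".
  if (header.alg !== "RS256") throw new Error("unexpected alg: " + header.alg);
  const ok = crypto.verify("RSA-SHA256", Buffer.from(h + "." + p),
                           publicKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) {
    throw new Error("token expired");
  }
  return claims;
}

// --- Constructed sample data: a throwaway key pair stands in for the realm key ---
const { publicKey: pub, privateKey: priv } =
  crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const SAMPLE_REALM_JSON = JSON.stringify({
  realm: "demo",
  public_key: pub.export({ type: "spki", format: "der" }).toString("base64"),
});

// Constructed token issuer for the demo; HS256 uses a made-up secret.
function signSample(claims, alg = "RS256") {
  const input = b64url(JSON.stringify({ alg, typ: "JWT" })) + "." +
                b64url(JSON.stringify(claims));
  const sig = alg === "RS256"
    ? crypto.sign("RSA-SHA256", Buffer.from(input), priv)
    : crypto.createHmac("sha256", "constructed-secret").update(input).digest();
  return input + "." + b64url(sig);
}

const realmKey = realmPublicKey(SAMPLE_REALM_JSON);
const good = signSample({ sub: "alice", exp: 2000000000 });
console.log(verifyRs256(good, realmKey, 1569250000).sub);
```

In a real deployment the realm JSON would be fetched over HTTPS from the URL given in the message above, and issuer and audience claims would be checked as well.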

