[keycloak-user] HS256 Shared Secret

Nick Powers sshscp at gmail.com
Thu Sep 26 12:09:12 EDT 2019


Check out the following link:
https://medium.com/@ddarie/jwt-authentication-with-sha-and-rsa-307e272f913f
under the "Customise JWT to use RSA256" section.

On Wed, Sep 25, 2019 at 2:35 AM Stian Thorgersen <sthorger at redhat.com>
wrote:

> Refresh tokens should not be verified by applications, nor should they be
> used by applications for anything other than obtaining new tokens. They
> should be considered opaque.
>
> On Mon, 23 Sep 2019, 18:57 Chandrashekhar, Nithin, <
> Nithin.Chandrashekhar at teradata.com> wrote:
>
>> Is there any way we can use RSA for signing refresh tokens instead of
>> HS256?
>>
>> Thanks
>> Nithin
>>
>> On 9/23/19, 8:25 AM, "keycloak-user-bounces at lists.jboss.org on behalf
>> of Nick Powers" <keycloak-user-bounces at lists.jboss.org on behalf of
>> sshscp at gmail.com> wrote:
>>
>>     I suggest using RSA instead of HS256.  With RSA you can confirm the
>>     authenticity of the JWT by using Keycloak's public key.  The URL
>>     https://<keycloak-server>/auth/realms/<realm>
>>     contains a JSON response with the public key.
>>
>>     On Mon, Sep 23, 2019 at 5:02 AM Stian Thorgersen <sthorger at redhat.com>
>>     wrote:
>>
>>     > Keycloak does not support a shared secret at the moment. Tokens signed with
>>     > HS256 can only be verified by Keycloak.
>>     >
>>     > Why are you asking?
>>     >
>>     > On Fri, 20 Sep 2019, 19:30 Sam Lewis, <sam at focus21.io> wrote:
>>     >
>>     > > How do you retrieve an HS256 shared secret?
>>     > > _______________________________________________
>>     > > keycloak-user mailing list
>>     > > keycloak-user at lists.jboss.org
>>     > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>     > >
>>
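
An added example, not part of the original thread and not Keycloak code: how an application checks an RS256-signed token with only the public key, and refuses an HS256 token, which only the holder of the secret can verify. The key pair is a constructed toy (two Mersenne primes) and `issue` / `verify_rs256` are hypothetical helpers; a real service would take the key published by the realm and use a maintained JWT library.

```python
import base64, hashlib, hmac, json

# Constructed toy key pair (NOT secure): two Mersenne primes stand in for the realm key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the issuer
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), padded to k bytes."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def issue(alg: str, claims: dict, hs_secret: bytes = b"") -> str:
    """Issuer side (hypothetical stand-in for the token server)."""
    head = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    msg = (head + "." + b64u(json.dumps(claims).encode())).encode()
    if alg == "RS256":
        k = (N.bit_length() + 7) // 8
        sig = pow(int.from_bytes(emsa(msg, k), "big"), D, N).to_bytes(k, "big")
    else:  # HS256: verifiable only by whoever holds hs_secret
        sig = hmac.new(hs_secret, msg, hashlib.sha256).digest()
    return msg.decode() + "." + b64u(sig)

def verify_rs256(token: str, n: int, e: int) -> dict:
    """Application side: needs only the public key (n, e)."""
    head, body, sig_b64 = token.split(".")
    if json.loads(b64u_dec(head)).get("alg") != "RS256":
        raise ValueError("alg is not RS256")  # never fall back to HS256 or none
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(sig_b64)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("malformed signature")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(recovered, emsa(f"{head}.{body}".encode(), k)):
        raise ValueError("signature mismatch")
    return json.loads(b64u_dec(body))
```

The verifier pins the algorithm before touching the signature, so a token whose header says HS256 is rejected outright rather than checked against the public key as if it were an HMAC secret.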
