[keycloak-user] HS256 Shared Secret
Nick Powers
sshscp at gmail.com
Thu Sep 26 12:09:12 EDT 2019
Check out the following link:
https://medium.com/@ddarie/jwt-authentication-with-sha-and-rsa-307e272f913f
under the "Customise JWT to use RSA256" section.

On Wed, Sep 25, 2019 at 2:35 AM Stian Thorgersen <sthorger at redhat.com> wrote:
> Refresh tokens should not be verified by applications, nor should they be
> used by applications for anything other than obtaining new tokens. They
> should be considered opaque.
>
> On Mon, 23 Sep 2019, 18:57 Chandrashekhar, Nithin, <
> Nithin.Chandrashekhar at teradata.com> wrote:
>
>> Is there any way we can use RSA for signing refresh tokens instead of
>> HS256?
>>
>> Thanks
>> Nithin
>>
>> On 9/23/19, 8:25 AM, "keycloak-user-bounces at lists.jboss.org on behalf
>> of Nick Powers" <keycloak-user-bounces at lists.jboss.org on behalf of
>> sshscp at gmail.com> wrote:
>>
>> I suggest using RSA instead of HS256. With RSA you can confirm the
>> authenticity of the JWT by using Keycloak's public key. The URL
>> https://<keycloak-server>/auth/realms/<realm>
>> contains a JSON response with the public key.
>>
>> On Mon, Sep 23, 2019 at 5:02 AM Stian Thorgersen <sthorger at redhat.com> wrote:
>>
>> > Keycloak does not support a shared secret at the moment. Tokens signed with
>> > HS256 can only be verified by Keycloak.
>> >
>> > Why are you asking?
>> >
>> > On Fri, 20 Sep 2019, 19:30 Sam Lewis, <sam at focus21.io> wrote:
>> >
>> > > How do you retrieve an HS256 shared secret?
>> > > _______________________________________________
>> > > keycloak-user mailing list
>> > > keycloak-user at lists.jboss.org
>> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> > >
>> >
>>