Generate JWT Token in Keycloak and get public key to verify the JWT token on a third party platform

jwt keycloak apigee keycloak-services
50,632

This got figured out with the help of this medium article. All the steps I have mentioned below have a detailed description in the article (Refer step 1 to 9 for token part, other steps are related to Spring Boot application) but I would like to give a overview of those in reference to my question.

Generating a JWT token using KeyCloak

  1. Install and run KeyCloak server and go to the endpoint (e.g http://localhost:8080/auth). Log in with an initial admin login and password (username=admin, password=admin).
  2. Create a Realm and a Client with openid-connect as the Client Protocol.
  3. Create users, roles and map Client Role To User.
  4. Assuming the server being on localhost, visiting the http://localhost:8080/auth/realms/dev/.well-known/openid-configuration gives details about all security endpoints
  5. http://localhost:8080/auth/realms/dev/protocol/openid-connect/token sending a POST request with valid details to this URL gives the JWTtoken with.

Getting the public key of the KeyCloak server

  • Going to Realm Settings and click on Public key pops up with the Public key of the server for that Realm. Refer to this image for better understanding.
  • Add -----BEGIN PUBLIC KEY----- and append -----END PUBLIC KEY----- to this copied public key to use it anywhere to verify the JWTtoken. You public key should finally look something like this:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAj9OCZd0XjzOIad2VbUPSMoVK1X8hdD2Ad+jUXCzhZJf0RaN6B+79AW5jSgceAgyAtLXiBayLlaqSjZM6oyti9gc2M2BXzoDKLye+Tgpftd72Zreb4HpwKGpVrJ3H3Ip5DNLSD4a1ovAJ6Sahjb8z34T8c1OCnf5j70Y7i9t3y/j076XIUU4vWpAhI9LRAOkSLqDUE5L/ZdPmwTgK91Dy1fxUQ4d02Ly4MTwV2+4OaEHhIfDSvakLBeg4jLGOSxLY0y38DocYzMXe0exJXkLxqHKMznpgGrbps0TPfSK0c3q2PxQLczCD3n63HxbN8U9FPyGeMrz59PPpkwIDAQAB
-----END PUBLIC KEY-----

Validating the token on a third party platform

  • jwt.io is a great website for validating JWTtokens. All we have to do is paste the token and public key. Read the introduction of the website here to know more about validating the tokens.
Share:
50,632
Amit Yadav
Author by

Amit Yadav

Never stop learning.

Updated on August 02, 2020

Comments

  • Amit Yadav
    Amit Yadav over 3 years

    There is an Endpoint to a backend server which gives a JSON response on pinging and is protected by an Apigee Edge Proxy. Currently, this endpoint has no security and we want to implement Bearer only token authentication for all the clients making the request. All the clients making the requests to API will send that JWT token in Authorization Bearer and Apigee Edge will be used to verify the JWT Token.

    How do I use Keycloak to generate this JWT token?

    Also, Apigee needs a public key of the origin of the JWT token (the server which signed the JWT token, in this case, I believe that is Keycloak). So my second doubt is, while I use Keycloak to generate the JWT token, how to get the public key using which the server will verify if the token is valid?

  • rooch84
    rooch84 about 4 years
    If you need the public key dynamically, you can retrieve it from http(s)://<hostname>/auth/realms/<realm name>
  • Tarun Pande
    Tarun Pande almost 4 years
    Do you know how to validate/verify the token received via Keycloak?
  • DARKVIDE
    DARKVIDE almost 3 years
    @TarunPande you can verify token signature locally with public key for example in php with openssl_verify(string $data, string $signature, mixed $pub_key_id, mixed $signature_alg=null)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Didn't find publicKey for kid ,Keycloak?
Keycloak Angular 2 - Check authenticated status Keycloak object
add claims to access token keycloak
Keycloak REST API 403 forbidden
How to get userinfo in springboot using keycloak?
How to generate jwt token through keycloak rest api?
KeyCloak : No 'Access-Control-Allow-Origin' header is present on the requested resource
Keycloak, not returning access token if update password action selected
Avoid keycloak default login page and use project login page
Keycloak Invalid token issuer