堆栈内存溢出
  简体   繁体   English

如何使用公钥在本地验证 keycloak 访问令牌

[英]how to locally validate keycloak access tokens using the public key

 原文  2020-04-01 15:20:10       java/ spring-boot/ kotlin/ jwt/ keycloak

问题描述

I am using Keycloak with spring boot and Kotlin, I am using the bare minimum set up with keycloak.json which looks like this.我正在使用带有 Spring Boot 和 Kotlin 的 Keycloak,我使用的是 keycloak.json 的最低设置,看起来像这样。 and with annotation like @PreAuthorize("isAuthenticated()") to secure my endpoint.并使用@PreAuthorize("isAuthenticated()") 之类的注释来保护我的端点。 And the keycloak set up is Client Authenticator = Client Id and secret with standard flow enabled.密钥斗篷设置是客户端身份验证器 = 客户端 ID 和启用标准流程的机密。

{
  "realm": "dev",
  "realm-public-key" : " public key here ",
  "auth-server-url": "http://localhost:8085/auth/",
  "ssl-required": "external",
  "resource": "test_service",
  "verify-token-audience": true,
  "credentials": {
    "secret": " secrete here"
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0
}

and I am using only "Keycloak-spring-security-adapter" in the documentation section "2.6.2. Validating Access Tokens" it says that I can use JWT to locally validate access tokens using the public key, but couldn't find an example in java or Kotlin, at the moment the validation is done by sending it to Keycloak server as I understand it, how can I stop it from doing that and validate the token locally(offline) without contacting the server using a public key, if you could point me in the right direction or if you know an example or blog, that would be very helpful.并且我在文档部分“2.6.2. Validating Access Tokens”中仅使用“Keycloak-spring-security-adapter”,它说我可以使用 JWT 使用公钥在本地验证访问令牌,但找不到java或Kotlin中的示例,目前验证是通过将其发送到Keycloak服务器来完成的,我怎么能阻止它这样做并在本地(离线)验证令牌而不使用公钥联系服务器,如果你可以指出我正确的方向,或者如果你知道一个例子或博客,那将非常有帮助。

1 个解决方案

解决方案1
 1 已采纳  2020-04-03 21:07:17

As part of your configuration you can create a org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter Bean and pass the public key via its作为配置的一部分,您可以创建一个org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter Bean 并通过其传递公钥

setVerifierKey(String key) setVerifierKey(字符串键)

method方法

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Keycloak Spring 安全适配器如何使用公共 Keycloak 客户端验证访问令牌? - How can Keycloak Spring Security Adapter validate access token using public Keycloak client? 如何使用公共密钥通过vertx验证JWT令牌 - How to use public key to validate JWT Token using vertx 如何在 Java 中验证公钥和私钥对 - How to validate a public and private key pair in Java 如何使用 JwtDecoder 在本地验证 JWT? - How to locally validate JWT using JwtDecoder? GitHub App访问令牌API错误:集成必须生成一个公共密钥 - GitHub App Access Tokens API ERROR : Integration must generate a public key 使用公钥/私钥技术限制对Web应用程序的访问 - Restricting access of a Web application using public key/ private key techniques 在Android设备上本地存储公钥 - Storing public key locally on android device 如何使用Java存储公钥mysql? - how to store public key mysql using Java? 如何使用 keytool 打印证书的公钥? - How to print the public key of a certificate using keytool? 如何使用jQuery按Tab键进行验证 - How to validate on pressing tab key using jquery
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM