
How to locally validate Keycloak access tokens using the public key

I am using Keycloak with Spring Boot and Kotlin. I am using the bare minimum setup with a keycloak.json, which looks like the one below, and annotations like @PreAuthorize("isAuthenticated()") to secure my endpoint. The Keycloak setup is Client Authenticator = Client Id and secret, with standard flow enabled.

{
  "realm": "dev",
  "realm-public-key" : " public key here ",
  "auth-server-url": "http://localhost:8085/auth/",
  "ssl-required": "external",
  "resource": "test_service",
  "verify-token-audience": true,
  "credentials": {
    "secret": " secrete here"
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0
}

I am using only "Keycloak-spring-security-adapter". In the documentation, section "2.6.2. Validating Access Tokens" says that I can use JWT to locally validate access tokens using the public key, but I couldn't find an example in Java or Kotlin. At the moment the validation is done by sending the token to the Keycloak server, as I understand it. How can I stop it from doing that and validate the token locally (offline), without contacting the server, using a public key? If you could point me in the right direction, or if you know an example or blog, that would be very helpful.

As part of your configuration you can create an org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter bean and pass the public key via its setVerifierKey(String key) method.
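For readers who want to see what offline validation involves, here is an added Kotlin example; it is not code from the question, the answer, or the Keycloak adapter. It assumes RS256-signed tokens, Jackson on the classpath (as in a Spring Boot web application), and a hypothetical class name `LocalTokenValidator`; the issuer is the `auth-server-url` from keycloak.json followed by `realms/<realm>`.

```kotlin
import com.fasterxml.jackson.databind.JsonNode
import com.fasterxml.jackson.databind.ObjectMapper
import java.security.KeyFactory
import java.security.PublicKey
import java.security.Signature
import java.security.spec.X509EncodedKeySpec
import java.time.Instant
import java.util.Base64

// Hypothetical helper (assumption, not a Keycloak API): verifies an RS256 access token offline.
class LocalTokenValidator(
    realmPublicKey: String,       // "realm-public-key" value: base64 DER (X.509), no PEM header
    private val issuer: String,   // e.g. "http://localhost:8085/auth/realms/dev"
    private val audience: String  // the "resource" value, e.g. "test_service"
) {
    private val mapper = ObjectMapper()
    private val key: PublicKey = KeyFactory.getInstance("RSA")
        .generatePublic(X509EncodedKeySpec(Base64.getDecoder().decode(realmPublicKey.trim())))

    /** Returns the claims when every check passes; throws if any check fails. */
    fun validate(token: String, now: Instant = Instant.now()): JsonNode {
        val parts = token.split(".")
        require(parts.size == 3) { "not a signed JWT" }
        val url = Base64.getUrlDecoder()

        // Pin the algorithm: the token must not choose it ("none", HS256 keyed with the public key).
        val header = mapper.readTree(url.decode(parts[0]))
        require(header.path("alg").asText() == "RS256") { "unexpected alg" }

        // The signature covers the ASCII bytes of "<header>.<payload>" exactly as received.
        val verifier = Signature.getInstance("SHA256withRSA")
        verifier.initVerify(key)
        verifier.update("${parts[0]}.${parts[1]}".toByteArray(Charsets.US_ASCII))
        require(verifier.verify(url.decode(parts[2]))) { "bad signature" }

        // Claims are read only after the signature has been verified.
        val claims = mapper.readTree(url.decode(parts[1]))
        require(claims.path("exp").asLong(0) > now.epochSecond) { "token expired" }
        require(claims.path("iss").asText() == issuer) { "wrong issuer" }
        val aud = claims.path("aud") // "aud" may be a single string or an array
        val audiences = if (aud.isArray) aud.map { it.asText() } else listOf(aud.asText())
        require(audience in audiences) { "wrong audience" }
        return claims
    }
}
```

A pinned key stops validating once the realm key is rotated, and offline validation cannot see logout or revocation, so keep access-token lifetimes short.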
