How to fetch KID from an confidential client Signed JWT integration

Hello, I’m currently trying to set up a confidential client that will sign a JWT and send it to the /Token endpoint.
I have made a keypair and placed the certificate PEM inside the Keycloak Admin panel. However, I can’t find any way to figure out what the KID is for this certificate. (This is to know what KID that should be used in the Signed JWT)
The only way I have managed to fetch it, is by putting a debugger on the code, and put a breakpoint on InfinispanPublicKeyStorageProvider.class and see what the random generated KID is.

I am not using a Keycloak adapter for the client as we can’t expect the third parties to use these, but should be able to integrate any third party.

I have tried to go through the rest documentation to see if there is a way to fetch the KID, but I can only fetch the KID from the Keys on the realm, and not the Signed JWT certificate which is placed on a client.
Any ideas?

1 Like

Same problem here : In the “Credentials” tabs of a client, whether I try to import an existing certificate (for which I know the alias) or whether I use keycloak to generate a new one (thus explicitly specifying the alias in the form), the specified alias is never honored and custom kid seems to be generated by keycloak for its storage.

Quite confusing.