I need verify id_token
With head
{
“alg”: “RS256”,
“typ”: “JWT”,
“kid”: “some kid”
}
When you have publick_key and id_token(jwt)
You can verify token.
I obtain publick_key from
https://{somehost}/auth/realms/{somerealm}
Then I try create
PublickKey object
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publickKeyStr);
KeyFactory kf = KeyFactory.getInstance("RSA")
PulblickKey publickKey = kf.generatePublick(keySpec);
Then I try verify token
try {
Claims claims = Jwts.parserBuilder()
.setSigningKey(publickKey).build().parseClaimsJws(idToken).getBody();
} catch {io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
log.info("Invalid Keycloak JWT signature");
}
Then I have error
Invalid Keycloak JWT signature
How to validate that.
I need help.