How to verify id_token

Jov7771 · April 27, 2022, 1:59pm

I need verify id_token
With head
{
“alg”: “RS256”,
“typ”: “JWT”,
“kid”: “some kid”
}

When you have publick_key and id_token(jwt)
You can verify token.

I obtain publick_key from
https://{somehost}/auth/realms/{somerealm}

Then I try create
PublickKey object

X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publickKeyStr);
KeyFactory kf = KeyFactory.getInstance("RSA")
PulblickKey publickKey = kf.generatePublick(keySpec);

Then I try verify token

try {
Claims claims = Jwts.parserBuilder()
	.setSigningKey(publickKey).build().parseClaimsJws(idToken).getBody();
} catch {io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
	log.info("Invalid Keycloak JWT signature");
}

Then I have error
Invalid Keycloak JWT signature

How to validate that.

I need help.

Topic		Replies	Views
Custom OIDC IdP that only validates external token with Public Key Extending the server identity-brokering , oidc	0	213	October 22, 2023
Java + Keycloak -> token verification Configuring the server	1	775	June 16, 2023
Using client secret to signing tokens instead of realm keys Getting advice authentication , oidc	2	2276	July 1, 2022
Can resource server validate JWT signature? Securing applications	3	589	September 30, 2020
As an Identity Broker, can Keycloak be configured to receive encrypted ID Tokens? Getting advice identity-brokering	3	1830	October 28, 2021

How to verify id_token

Related Topics