I have successfully integrated keycloak with a react app. I am using @react-keycloak/web and keycloak-js npm package.
My question is, JWT.io should able to decode the generated access token?
JWT.io simply does a Base64 decode of a token. A JWT token can be encoded and signed, case in which a pseodocode is
public_jwt_contents = (base64(header) + . + base64(payload))
jwt = public_jwt_contents + . + sign(public_jwt_contents, alg)
Or the JWT token can be encrypted with a symetric key, case in which the contents will not be visible in jwt.io
Also the access_token does not needs to be a JWT, in the Oauth2 specs does not say anything like that. Can be any string, case in which is called an opaque token.
Anyway, by default as far as I know the tokens generated by keycloak are base64 encoded JWT tokens signed with a RSA private key. So if you paste one in jwt.io it should be able to decode it. But what I wanted to say is that any base64 decoder should reveal the contents of the claims.
The main problem is, when I integrated the local keycloak with my react app, the received access token shows Signature Valid, but when I deployed the same keycloak with same settings to a VM, the received token showed Signature invalid in the jwt.io. No sure Why?