"Manual" validation of JWT in Java

I’m assessing how to best secure a vendor app with Keycloak.

I have hooks in the system where I can intercept an incoming token on the Auth header – and I need to validate this token (ideally caching the keys to minimize round trips to Keycloak).

This doesn’t use spring security and wouldn’t fit as a servlet filter – what is the suggested approach here short of just using a rest client to manually perform the steps?


Tutorial: Create and Verify JWTs in Java

Thank you - makes total sense. I ended up going with the Auth0 library.