We want to validate the refresh token at the application level. The refresh token is a HS256 token. How can I get the secret used by keycloak to sign this token?
I tired this query in postgres to retrive the secret, but unfortunately using this secret still shows signature is invalid.
SELECT value FROM component_config CC INNER JOIN component C ON(CC.component_id = C.id) WHERE C.realm_id = ‘master’ and provider_id = ‘hmac-generated’ AND CC.name = ‘secret’;
Please can somone advice?