I am using Keycloak to generate JWT and using JWK uri to validate the JWT.
When using the ESDSA algorithm for some key generation the “crv” and “alg” claim are not as per recommendation hence giving signature validation fail.
As per recommendation if alg is ES256 it means curve P-256 should be used.
In case of ES384 curve P-384 should be used and in case of ES512 curve P-521 should be used
https://datatracker.ietf.org/doc/html/rfc7518
check 3.1 section.
In case of keycloak the JWK we are getting has crv : P-384 and alg ES256.
- {
-
kid: “ohQEnwM_ARDT-cnj3G3VtHmHCjKYNA0B2Kpau3NnQvc”,
-
kty: “EC”,
-
alg: “ES256”,
-
use: “sig”,
-
crv: “P-384”,
-
x: “IzVMWH7f9EjFBK0WtEr1bnY0wtw7u-AB0-buYKpBQJTBtZkjn3cctj-Mbhyew156”,
-
y: “JuCCXj-efldNVT2FHFbUm3uzkh3Fd6djiJSnZnVySmhe6Fck6cFfCnpPZQDbtHVr”,},
-