There are different ways Keycloak can authenticate a client (that is, not the user but the backend or frontend). So far we use a client secret, but we also need to support signed JWT.
Here, the client (!) generates a private/public key pair, creates a JWT and signs it with the private key. Additionally, Keycloak needs to know about the public key. There are two options: 1) Upload the key manually. 2) An admin can configure a URL where Keycloak can fetch the cert. This allows rotating keys without having to reconfigure Keycloak and is therefore preferred.
I've made a working PoC of how this can be achieved: https://github.com/bakdata/python-keycloak-oauth/pull/5/files
I think the following things are missing:
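The signed-JWT flow described in the issue, as an added example that is not part of the issue or the linked PR: the client signs a short-lived assertion, publishes only its public key as a JWK, and a verifier selects that key by `kid`, which is what lets keys rotate behind a URL. It assumes the `cryptography` package; the client id, audience, `kid` values and all function names are hypothetical, and `verify_assertion` is a stand-in for the checks an identity provider makes, not Keycloak's code.

```python
import base64, json, time, uuid
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed values, not taken from the issue or the linked PR.
CLIENT_ID, AUDIENCE = "my-backend", "https://keycloak.example/realms/demo"

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def to_jwk(public_key, kid):  # public half only: what the client serves at its key URL
    nums = public_key.public_numbers()
    enc = lambda i: b64u(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "alg": "RS256", "kid": kid, "n": enc(nums.n), "e": enc(nums.e)}

def make_assertion(private_key, kid, lifetime=60):  # client side
    now = int(time.time())
    claims = {"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": AUDIENCE,
              "iat": now, "exp": now + lifetime, "jti": str(uuid.uuid4())}
    parts = ({"alg": "RS256", "typ": "JWT", "kid": kid}, claims)
    signing_input = ".".join(b64u(json.dumps(p).encode()) for p in parts)
    sig = private_key.sign(signing_input.encode(), padding.PKCS1v15(), hashes.SHA256())
    return signing_input + "." + b64u(sig)

def verify_assertion(token, jwks, seen_jti):  # server side
    head_b64, body_b64, sig_b64 = token.split(".")
    header, claims = json.loads(b64u_dec(head_b64)), json.loads(b64u_dec(body_b64))
    if header.get("alg") != "RS256":  # pin the algorithm, never trust the header
        raise ValueError("unexpected alg")
    jwk = next((k for k in jwks["keys"] if k["kid"] == header.get("kid")), None)
    if jwk is None:  # key never published, or already rotated out
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64u_dec(jwk[f]), "big") for f in ("n", "e"))
    try:
        rsa.RSAPublicNumbers(e, n).public_key().verify(b64u_dec(sig_b64),
            f"{head_b64}.{body_b64}".encode(), padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        raise ValueError("bad signature") from None
    if (claims["iss"], claims["sub"], claims["aud"]) != (CLIENT_ID, CLIENT_ID, AUDIENCE):
        raise ValueError("wrong iss/sub/aud")
    if claims["exp"] <= time.time() or claims["jti"] in seen_jti:
        raise ValueError("expired or replayed")
    seen_jti.add(claims["jti"])
    return claims
```

In a real token request the assertion travels as `client_assertion`, with `client_assertion_type` set to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer` (RFC 7523).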