I have an app deployed with docker; one of the microservices is a jboss/keycloak server. Everything works fine, but the keycloak RSA public key needs to be retrieved manually. Is it possible to retrieve the RSA public key through the REST API?
However, if I log in to the keycloak admin page, go into the realm settings -> keys and click the public key, a popup shows the public key minus the "-----BEGIN PUBLIC KEY-----" and "-----END PUBLIC KEY-----" headers and footers. Hard coding this enables everything to work.
When an admin rotates the realm keys in the Keycloak admin console, the Client Adapter will be able to recognize it and automatically download the new public key from Keycloak. However, this automatic download of new keys is done only if you don't have the realm-public-key option in your adapter with the hardcoded public key.
The URL https://<keycloak-server>/auth/realms/<realm> contains a JSON response with the public key. This isn't advertised so it may change or go away. Using https://<keycloak-server>/auth/realms/<realm>/protocol/openid-connect/certs and setting up something to monitor the JWKS response would be a much more maintainable way of handling it.
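One way to turn the JWKS document from the certs URL into PEM public keys and notice a rotation between two polls. This is an added example, not code from the answers above: the function names and the sample JWKS are constructed for illustration, and fetching the document over HTTPS is left to the caller.

```python
import base64

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64url_to_int(value):
    """Decode an unpadded base64url JWK member ("n" or "e") to an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def der(tag, content):
    """Encode one DER TLV, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def der_int(value):
    # The extra leading byte keeps the INTEGER positive when the top bit is set.
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def jwk_to_pem(jwk):
    """Convert an RSA JWK (members n, e) to a PEM SubjectPublicKeyInfo."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA key")
    n, e = b64url_to_int(jwk["n"]), b64url_to_int(jwk["e"])
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + der(0x30, der_int(n) + der_int(e))))
    b64 = base64.b64encode(spki).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"

def signing_keys(jwks):
    """Map kid -> PEM for every RSA signature key in a JWKS document."""
    return {k["kid"]: jwk_to_pem(k) for k in jwks["keys"]
            if k.get("kty") == "RSA" and k.get("use", "sig") == "sig"}

def rotated(previous, current):
    """Return (added kids, removed kids) between two signing_keys() results."""
    return sorted(current.keys() - previous.keys()), sorted(previous.keys() - current.keys())

# Constructed sample: the modulus is filler bytes, not a usable key.
FILLER_N = base64.urlsafe_b64encode(bytes(range(1, 256)) + b"\xff").rstrip(b"=").decode()
SAMPLE_JWKS = {"keys": [{"kid": "example-kid-1", "kty": "RSA", "alg": "RS256",
                         "use": "sig", "n": FILLER_N, "e": "AQAB"}]}
```

Keep the result of the previous poll and alert when rotated() returns a non-empty list, so a key change is an expected, reviewed event rather than a silent one.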