How to Add a Public Key to Keycloak Client for JWT Validation?

Hello Keycloak Community,

I’m working on a project where I need to validate JWTs signed with an existing private key and then exchange them for Keycloak tokens with associated roles. I’m having trouble figuring out how to properly add the corresponding public key to a Keycloak client for this purpose. Here’s what I’ve tried so far:

  1. Used the “Add Provider” option in the realm’s Keys tab.
  2. Attempted to add a key in the client’s Keys tab.

However, I’m not seeing the added public key in the realm’s JWKS endpoint (/realms/master/protocol/openid-connect/certs), and I’m unsure if I’m approaching this correctly. Specifically, I need to:

  1. Add a public key to a Keycloak client that corresponds to an existing private key used for signing JWTs outside of Keycloak.
  2. Configure Keycloak to validate incoming JWTs using this public key.
  3. Set up a token exchange flow where, upon successful validation, Keycloak issues a new token with the roles associated with that client.

Can someone please provide step-by-step instructions on how to achieve this in Keycloak? I’m particularly interested in:

  • The correct way to add a public key to a specific client (not realm-wide).
  • Any necessary configuration for JWT validation using this client-specific key.
  • How to set up the token exchange flow to issue a new token with client roles.

Any insights, documentation links, or code examples would be greatly appreciated. Thank you in advance for your help!
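Added illustration, not part of the question above and not Keycloak's own code. Two facts frame it: the realm JWKS endpoint publishes only the realm's own signing keys, so a key attached to a single client will never show up there; and the place Keycloak consumes a client-specific public key is that client's own credential settings with the Signed JWT client authenticator (RFC 7523 private_key_jwt), where the key is supplied as a JWKS URL or imported. The Go program below, standard library only, shows both halves of that contract: the external side signs a client assertion with its private key and publishes the public half as a JWK, and the verifying side does what a per-client key check must do (pin the algorithm, select the key by kid from that client's JWKS, verify the signature, then check iss/sub, aud, jti and exp). It also builds the form body posted to the realm token endpoint. Realm, client and key names are hypothetical. The third item in the question (exchanging the validated assertion for a token carrying the client's roles) depends on which grant the realm permits and is not shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// b64 is JOSE base64url without padding (RFC 7515).
var b64 = base64.RawURLEncoding

// JWK is the RSA public-key entry a client's JWKS would publish for Keycloak.
type JWK struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// PublicJWK exports the public half of an RSA key as a JWK; this is what you
// would serve from the client's JWKS URL (or import as the client's key).
func PublicJWK(pub *rsa.PublicKey, kid string) JWK {
	return JWK{Kty: "RSA", Kid: kid,
		N: b64.EncodeToString(pub.N.Bytes()),
		E: b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}
}

// Claims is the payload of a private_key_jwt client assertion (RFC 7523).
type Claims struct {
	Iss string `json:"iss"` // client ID
	Sub string `json:"sub"` // client ID
	Aud string `json:"aud"` // realm token endpoint (or realm issuer URL)
	Jti string `json:"jti"` // unique per assertion so it cannot be replayed
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

// SignRS256 builds header.payload.signature with the externally held private key.
func SignRS256(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	pl, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyRS256 is the receiving side with a client-specific key: pin the alg,
// pick the key by kid from that client's JWKS, verify, then trust the claims.
func VerifyRS256(tok string, jwks []JWK, clientID, aud string, now time.Time) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed JWT")
	}
	hb, e1 := b64.DecodeString(p[0])
	pb, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, errors.New("bad base64url")
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hb, &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" { // the token never chooses the algorithm (alg=none, HS256 confusion)
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	var key *rsa.PublicKey
	for _, k := range jwks {
		if k.Kty == "RSA" && k.Kid == hdr.Kid {
			nb, ne := b64.DecodeString(k.N)
			eb, ee := b64.DecodeString(k.E)
			if ne != nil || ee != nil {
				return nil, errors.New("bad JWK")
			}
			key = &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
		}
	}
	if key == nil {
		return nil, fmt.Errorf("no RSA key with kid %q configured for client %q", hdr.Kid, clientID)
	}
	h := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(key, crypto.SHA256, h[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if err := json.Unmarshal(pb, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != clientID || c.Sub != clientID:
		return nil, errors.New("iss/sub is not the expected client")
	case c.Aud != aud:
		return nil, errors.New("aud is not this token endpoint")
	case c.Jti == "":
		return nil, errors.New("missing jti")
	case !now.Before(time.Unix(c.Exp, 0)):
		return nil, errors.New("assertion expired")
	}
	return &c, nil
}

// TokenRequestForm is the POST body for the realm token endpoint: the assertion
// authenticates the client, grant_type says what the client is asking for.
func TokenRequestForm(assertion, grantType string) url.Values {
	return url.Values{
		"grant_type":            {grantType},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion":      {assertion},
	}
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	endpoint := "https://kc.example.com/realms/demo/protocol/openid-connect/token" // hypothetical
	now := time.Now()
	tok, _ := SignRS256(priv, "ext-key-1", Claims{Iss: "my-client", Sub: "my-client", Aud: endpoint,
		Jti: "sample-jti-1", Iat: now.Unix(), Exp: now.Add(time.Minute).Unix()})
	jwks, _ := json.Marshal(map[string][]JWK{"keys": {PublicJWK(&priv.PublicKey, "ext-key-1")}})
	fmt.Println("JWKS to configure on the client:", string(jwks))
	_, err := VerifyRS256(tok, []JWK{PublicJWK(&priv.PublicKey, "ext-key-1")}, "my-client", endpoint, now)
	fmt.Println("verification error:", err, "\nform:", TokenRequestForm(tok, "client_credentials").Encode())
}
```

The verification order matters: the algorithm is pinned and the key is chosen from the client's configured JWKS before any claim is read, so a token that names a different alg or kid is rejected without its payload ever being trusted, and a valid signature from the wrong client still fails on iss/sub. Keycloak additionally remembers recent jti values; this example only requires the claim to be present.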