Hi All,
I’m having an issue with verifying Keycloak refresh token signature because the signature algorithem is HMAC.
Please consider in my use case I’m using Keycloak refresh token as a grant for another authentication layer for business need which we issue based on current refresh token validity. So I need to know whether refresh token was issued by our keyclock or not. So how can I do this ? Anyone have idea about the HMAC key that used to hash refresh token signature by keycloak ?
Thank you.