I am trying to find out which keys Keycloak uses for which purpose.
Under Realm Settings→Keys I have 4 keys/algorithms after the installation: HS512, RS256, AES and RSA-OAEP. While I understand that the signing keys are required for OIDC, I tried to disable the encryption keys (AES and RSA-OAEP).
At Settings→Keys I disabled the keys, and at Clients → Advanced I also disabled encryption (e.g. “ID token encryption content encryption algorithm”). Then, after performing an OIDC login with my sample client, Keycloak generates new keys for those keys I disabled previously and also enables them.
Is this just some default behavior, even if those keys are not really used for anything, or are they maybe used for something?
Is there some way to find out which key has really been used for what during an OIDC client login?