How to validate JWT token in Keycloak using Java SDK?

Question

I’m pretty savvy with OAuth 2/OIDC but new to Keycloak. I have a need to authenticate a user given a JWT token.

Normally I’d hit the userInfo endpoint but in the Java SDK I don’t see a way to do that?
Is there such a method call and/or a local library call that will just let me validate the JWT token string (so I don’t have to pull the public keys remotely to verify the signature?)

Answer 1

Score: 0

With Keycloak 16.1.1 jar libraries, this is what worked for me (although it does pull the public keys off the server behind the scenes):

import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.rotation.AdapterTokenVerifier;
import org.keycloak.common.VerificationException;
...

KeycloakDeployment depl = KeycloakDeploymentBuilder.build(...);
String tokenToVerify = ...;

try {
    var tok = AdapterTokenVerifier.verifyToken(tokenToVerify, depl);
    // passed
    tok.getPreferredUsername(); // user name
    tok.getSubject();           // keycloak user id
} catch (VerificationException e) {
    // failed
}
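
The question asks for validation that does not fetch keys from the server. The following is an added example, not part of the original answer, that verifies a token against a locally held public key with `TokenVerifier` from keycloak-core. It assumes the 16.1.1 libraries on the classpath; the realm URL, audience, user values and the generated key pair are constructed for the demo.

```java
// Added example (not from the original answer); assumes keycloak-core 16.1.1 on the classpath.
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import org.keycloak.TokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.Time;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.representations.AccessToken;

public class LocalJwtCheck {
    // Constructed values; replace with your own realm URL and client ID.
    static final String REALM_URL = "https://sso.example.test/auth/realms/demo";
    static final String AUDIENCE = "demo-api";

    /** Checks signature, issuer, audience, token type, subject and expiry using a local key. */
    static AccessToken verify(String jwt, PublicKey realmKey) throws VerificationException {
        return TokenVerifier.create(jwt, AccessToken.class)
                .publicKey(realmKey)   // locally provisioned key, no request to the server
                .withDefaultChecks()   // subject present, Bearer type, token active
                .realmUrl(REALM_URL)   // iss must equal the realm URL
                .audience(AUDIENCE)    // aud must contain this service
                .verify()
                .getToken();
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the realm's RSA signing key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair realm = gen.generateKeyPair();

        AccessToken t = new AccessToken();
        t.issuer(REALM_URL).subject("constructed-user-id").audience(AUDIENCE);
        t.type("Bearer").expiration(Time.currentTime() + 60);
        t.setPreferredUsername("alice");
        String jwt = new JWSBuilder().jsonContent(t).rsa256(realm.getPrivate());

        System.out.println("valid token -> " + verify(jwt, realm.getPublic()).getPreferredUsername());

        // The same token checked against a different key must be rejected.
        try {
            verify(jwt, gen.generateKeyPair().getPublic());
            System.out.println("unexpected: token accepted");
        } catch (VerificationException e) {
            System.out.println("wrong key -> rejected: " + e.getMessage());
        }
    }
}
```

A locally pinned key has to be updated whenever the realm rotates its signing key, otherwise valid tokens start failing verification.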

huangapple
  • Published on May 30, 2020 04:17:55
  • When reposting, please keep the link to this article: https://java.coder-hub.com/62094007.html