I'm working on integrating Keycloak into an existing application. As part of this process I need to test that the web application can accept JWT tokens generated from Keycloak.
I have read the API docs http://www.keycloak.org/docs-api/3.4/rest-api/index.html and could not find any methods for creating a JWT token.
Does anyone know of any REST API methods for creating a JWT token in Keycloak?
As per the Keycloak mailing list, details provided by Keycloak mailing list members [Виталий Ищенко and Hynek Mlnarik]:
Depends a lot on what JWT you want to issue. For samples of generating an access token, see [1], for action token, see [2], custom, see [3].
[1] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java#L698
[2] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/actiontoken/DefaultActionToken.java#L140
[3] https://github.com/keycloak/keycloak/blob/master/core/src/main/java/org/keycloak/jose/jws/JWSBuilder.java
Keycloak follows the OIDC spec, and you can use any of the flows defined in OAuth2 [1], as well as some additional flows added in OIDC.
OIDC dictates usage of JWT, so access tokens (as well as refresh_token, id_token and others are JWT) will be returned in JWT format.
To find out the addresses of token and authentication, Keycloak provides an OIDC discovery URL, i.e. http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration
There are a bunch of libs, written for the OIDC spec, that simplify token request procedures. But Keycloak has a set of adapters written that can fit nicely into your existing technology stack [2]. I think all of them allow access to raw JWT tokens.
[1] https://aaronparecki.com/oauth-2-simplified/
[2] http://www.keycloak.org/docs/latest/securing_apps/index.html#openid-connect-3
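The discovery-then-token-request sequence described in the answer above, as an added example that is not part of the original post or of Keycloak's own code. It assumes the OAuth2 client credentials flow with a confidential client that has a service account; the realm `demo`, the client `test-client`, port 8080 and the sample token are constructed for illustration.

```python
import base64, json
import urllib.parse, urllib.request

def discovery_url(base, realm):
    # Path layout as given in the answer above.
    return f"{base.rstrip('/')}/auth/realms/{urllib.parse.quote(realm, safe='')}/.well-known/openid-configuration"

def fetch_json(url, form=None):
    """GET url, or POST `form` url-encoded when given; parse the JSON reply."""
    body = urllib.parse.urlencode(form).encode() if form else None
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=10) as resp:
        return json.load(resp)

def client_credentials_form(client_id, client_secret):
    # OAuth2 client credentials grant (assumed flow; needs a confidential client).
    return {"grant_type": "client_credentials", "client_id": client_id, "client_secret": client_secret}

def decode_segment(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def inspect_jwt(token):
    """Return (header, claims) WITHOUT verifying the signature: for inspecting test tokens only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialized JWS")
    return decode_segment(parts[0]), decode_segment(parts[1])

def issuer_matches(claims, discovery):
    # The application under test should reject tokens whose iss differs from the realm issuer.
    return claims.get("iss") == discovery.get("issuer")

def get_access_token(base, realm, client_id, client_secret):
    """Live call: read the discovery document, then POST to its token_endpoint."""
    discovery = fetch_json(discovery_url(base, realm))
    reply = fetch_json(discovery["token_endpoint"], client_credentials_form(client_id, client_secret))
    return reply["access_token"], discovery

# Constructed sample data (hypothetical host, realm and client; placeholder signature).
def b64json(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

SAMPLE_DISCOVERY = {"issuer": "http://keycloakhost:8080/auth/realms/demo",
                    "token_endpoint": "http://keycloakhost:8080/auth/realms/demo/protocol/openid-connect/token"}
SAMPLE_TOKEN = ".".join([b64json({"alg": "RS256", "typ": "JWT"}),
                         b64json({"iss": SAMPLE_DISCOVERY["issuer"], "azp": "test-client"}),
                         "c2lnbmF0dXJl"])

if __name__ == "__main__":
    header, claims = inspect_jwt(SAMPLE_TOKEN)
    print(header, claims, issuer_matches(claims, SAMPLE_DISCOVERY))
```

`inspect_jwt` only decodes; the application being tested must still verify the signature against the keys published at the `jwks_uri` listed in the discovery document.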