mariovalney / laravel-keycloak-web-guard

Simple Keycloak Guard to Laravel Web Routes - https://packagist.org/packages/vizir/laravel-keycloak-web-guard

KEYCLOAK_REALM_PUBLIC_KEY #89

Closed serumk closed 1 year ago

serumk commented 1 year ago

Hi Mario,

what's the purpose of the realm public key? As far as I have seen it's not used in the codebase. I guess it could be used to check against the key encoded in the x509 certificate that can be found at /realms/REALM/protocol/openid-connect/certs at the x5c-key after extracting it from the x509 certificate. Though this might be a problem if the Keycloak key rotation is used, because one would have to update it in the application. Or am I completely wrong?
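
The check described in the comment above, as an added example (not part of the thread or of the package's code): it extracts the public key from a JWKS `x5c` certificate, compares it with a pinned value, and shows the comparison under key rotation. The function names are hypothetical, the certificates are generated at runtime as constructed data, and the pinned value is assumed to be the base64 SubjectPublicKeyInfo without PEM armor.

```php
<?php
// Added example: every key and certificate here is constructed at runtime.

// Extract the SubjectPublicKeyInfo (base64 DER, no armor) from one x5c entry.
function spkiFromX5c(string $x5c): string
{
    $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($x5c, 64, "\n") . "-----END CERTIFICATE-----\n";
    $pub = openssl_pkey_get_public($pem);
    if ($pub === false) {
        throw new RuntimeException('x5c entry is not a parsable certificate');
    }
    $details = openssl_pkey_get_details($pub);
    return preg_replace('/-----[^-]+-----|\s+/', '', $details['key']);
}

// Build a self-signed certificate; return [JWKS-style key entry, pinned key string].
function makeRealmKey(string $kid): array
{
    $pkey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr  = openssl_csr_new(['commonName' => 'example-realm'], $pkey, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, null, $pkey, 30, ['digest_alg' => 'sha256']);
    openssl_x509_export($cert, $pem);
    // x5c entries are base64 DER: the PEM body without armor and line breaks.
    $x5c = preg_replace('/-----[^-]+-----|\s+/', '', $pem);
    return [['kid' => $kid, 'kty' => 'RSA', 'x5c' => [$x5c]], spkiFromX5c($x5c)];
}

// True if any key in the JWKS document carries the pinned public key.
function pinnedKeyPresent(array $jwks, string $pinned): bool
{
    $pinned = preg_replace('/\s+/', '', $pinned);
    foreach ($jwks['keys'] ?? [] as $jwk) {
        if (isset($jwk['x5c'][0]) && spkiFromX5c($jwk['x5c'][0]) === $pinned) {
            return true;
        }
    }
    return false;
}

[$oldJwk, $pinned] = makeRealmKey('old'); // value an operator would have pinned in config
[$newJwk]          = makeRealmKey('new'); // key published after a rotation

var_dump(pinnedKeyPresent(['keys' => [$oldJwk]], $pinned));          // before rotation
var_dump(pinnedKeyPresent(['keys' => [$oldJwk, $newJwk]], $pinned)); // rotation overlap
var_dump(pinnedKeyPresent(['keys' => [$newJwk]], $pinned));          // old key retired
```

The last call is the rotation case raised in the comment: once the old key is no longer published, the pinned value matches nothing until the application's configuration is updated.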

lknite commented 1 year ago

I also wonder about this. When configuring OIDC in other apps, it has never asked for that value ...

mariovalney commented 1 year ago

Hi! You are right guys: it's never used.

I created this package based on robsontenorio/laravel-keycloak-guard and it's used there.

We must remove it from config.