Closed camiloiglesias96 closed 4 years ago
Hello @robsontenorio, after 2 hours of debugging I have found the possible fault. It has to do with the way we save the key: the .env file has some return format that the function in charge of formatting the public key does not like, and this causes the JWT implementation to fail and say that the key does not correspond to the signature of the token that we send in our Bearer header.
One way I found to manage this was to save a .keycloak_pk.pub file in the storage directory and then, in the keycloak.php file, get the contents like this:
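```php
<?php

return [
    // Fall back to the key file in storage/app when the env variable is not set.
    // Forward slash so the path also resolves on non-Windows hosts.
    'realm_public_key' => env('KEYCLOAK_REALM_PUBLIC_KEY', file_get_contents(storage_path('app/.keycloak_pk.pub'))),
    // ...
];
```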
Hi, the README suggests you place a plain string representing your Keycloak realm public key in the .env file. There is no need for "begin or end" keywords.
Maybe a side note in the README about how to get it would be more helpful.
But you solved it with an alternative approach. Nice!
Hi @robsontenorio,
I am using your package and I reviewed all my Keycloak settings, and I am still getting the error "[Keycloak Guard] Signature verification failed".
Sometimes I see different implementations of how to build a private or public cert key. A lot of people use "----- BEGIN PUBLIC KEY --- " and other people use "----- BEGIN CERTIFICATE -----". I really don't know which is the correct way, but I tried both and the auth didn't work.
Can you teach me how to extract the public and private key from my Keycloak? Maybe I am using the wrong key pair?
Thanks
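
The key-format problems raised in this thread (line endings picked up from .env, and PUBLIC KEY versus CERTIFICATE armor) can be checked before the value ever reaches token verification. The following is an added example, not code from the package or from any commenter: `normalizeRealmPublicKey()` is a hypothetical helper, and the key pair and the damaged string are constructed for the demonstration.

```php
<?php
// Added example; normalizeRealmPublicKey() is a hypothetical helper, not package code.
function normalizeRealmPublicKey(string $raw): string
{
    $isCert = strpos($raw, 'BEGIN CERTIFICATE') !== false;
    // Drop PEM armor lines, stray quotes and all whitespace (including \r from CRLF files).
    $body = preg_replace('/-----[A-Z ]+-----|["\']|\s+/', '', $raw);
    if ($body === '' || base64_decode($body, true) === false) {
        throw new InvalidArgumentException('Key material is not valid base64');
    }
    // Re-wrap at 64 characters under the armor that matches the content.
    $label = $isCert ? 'CERTIFICATE' : 'PUBLIC KEY';
    $pem = "-----BEGIN $label-----\n" . chunk_split($body, 64, "\n") . "-----END $label-----\n";

    // Accepts a public key PEM or an X.509 certificate PEM; false means unusable input.
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        throw new InvalidArgumentException('OpenSSL cannot parse the key: ' . openssl_error_string());
    }
    // Always hand back a canonical "BEGIN PUBLIC KEY" PEM.
    return openssl_pkey_get_details($key)['key'];
}

// Constructed sample: a throwaway RSA key pair standing in for the realm key.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pem  = openssl_pkey_get_details($pair)['key'];
$bare = preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem); // bare base64 body

// Simulated damage: surrounding quotes, a CRLF in the middle, a trailing CRLF.
$damaged = '"' . substr($bare, 0, 100) . "\r\n" . substr($bare, 100) . "\"\r\n";

// Sign with the private half, then verify with the repaired public key.
openssl_sign('header.payload', $signature, $pair, OPENSSL_ALGO_SHA256);
$repaired = normalizeRealmPublicKey($damaged);
var_dump($repaired === $pem);
var_dump(openssl_verify('header.payload', $signature, $repaired, OPENSSL_ALGO_SHA256) === 1);

// Input that is not key material is rejected instead of failing later as a bad signature.
try {
    normalizeRealmPublicKey('not*a*key');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Running a check like this at boot turns a malformed key into an explicit configuration error rather than a generic signature failure on every request.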